You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "jandry (JIRA)" <ji...@apache.org> on 2016/05/20 08:16:12 UTC

[jira] [Created] (BEANUTILS-489) You should upgrade dependendy on commons-collections to avoid CVE-2015-4852

jandry created BEANUTILS-489:
--------------------------------

             Summary: You should upgrade dependendy on commons-collections to avoid CVE-2015-4852
                 Key: BEANUTILS-489
                 URL: https://issues.apache.org/jira/browse/BEANUTILS-489
             Project: Commons BeanUtils
          Issue Type: Bug
          Components: Locale BeanUtils / Converters
    Affects Versions: 1.9.2
         Environment: any
            Reporter: jandry
            Priority: Critical


You have fix CVE-2014-0114 in benutils 1.9.2 but you still have a dependency on commons-collections 3.2.1 which is well known for CVE-2015-4852
https://issues.apache.org/jira/browse/COLLECTIONS-583

You must upgrade dependency to 3.2.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)