You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2015/11/26 17:42:11 UTC

[jira] [Updated] (VALIDATOR-357) Upgrade BeanUtils

     [ https://issues.apache.org/jira/browse/VALIDATOR-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sebb updated VALIDATOR-357:
---------------------------
    Fix Version/s:     (was: 1.5.0)

> Upgrade BeanUtils
> -----------------
>
>                 Key: VALIDATOR-357
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-357
>             Project: Commons Validator
>          Issue Type: New Feature
>          Components: Framework
>    Affects Versions: 1.1.3 Release, 1.2.0 Release, 1.3.0 Release, 1.3.1 Release, 1.4.0 Release, 1.4.1 Release
>            Reporter: David Dillard
>            Priority: Minor
>
> Validator 1.41 depends on BeanUtils 1.8.3.  This has a "potential security issue", see http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt  Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114
> Even if this issue doesn't affect Validator, BeanUtils should be upgraded so that issue issue doesn't affect other users of BeanUtils given the screwy way some builders (e.g. Maven) resolve conflicting dependencies.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)