commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Dillard (JIRA)" <j...@apache.org>
Subject [jira] [Created] (VALIDATOR-357) Upgrade BeanUtils
Date Thu, 15 Jan 2015 14:53:34 GMT
David Dillard created VALIDATOR-357:
---------------------------------------

             Summary: Upgrade BeanUtils
                 Key: VALIDATOR-357
                 URL: https://issues.apache.org/jira/browse/VALIDATOR-357
             Project: Commons Validator
          Issue Type: New Feature
          Components: Framework
    Affects Versions: 1.4.1 Release, 1.4.0 Release, 1.3.1 Release, 1.3.0 Release, 1.2.0 Release,
1.1.3 Release
            Reporter: David Dillard
            Priority: Minor


Validator 1.41 depends on BeanUtils 1.8.3.  This has a "potential security issue", see http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
 Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114

Even if this issue doesn't affect Validator, BeanUtils should be upgraded so that issue issue
doesn't affect other users of BeanUtils given the screwy way some builders (e.g. Maven) resolve
conflicting dependencies.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message