Date: Fri, 16 Jan 2015 19:17:34 +0000 (UTC)
From: "Sebb (JIRA)"
To: issues@commons.apache.org
Subject: [jira] [Commented] (VALIDATOR-357) Upgrade BeanUtils

    [ https://issues.apache.org/jira/browse/VALIDATOR-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14280685#comment-14280685 ]

Sebb commented on VALIDATOR-357:
--------------------------------

Currently the only references to BeanUtils are to PropertyUtils

Field:
calls PropertyUtils.getProperty(bean, this.getIndexedListProperty()); twice

ValidatorUtils:
public static String getValueAsString(Object bean, String property)
PropertyUtils.getProperty(bean, property);

> Upgrade BeanUtils
> -----------------
>
>                 Key: VALIDATOR-357
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-357
>             Project: Commons Validator
>          Issue Type: New Feature
>          Components: Framework
>    Affects Versions: 1.1.3 Release, 1.2.0 Release, 1.3.0 Release, 1.3.1 Release, 1.4.0 Release, 1.4.1 Release
>            Reporter: David Dillard
>            Priority: Minor
>             Fix For: 1.5.0
>
>
> Validator 1.41 depends on BeanUtils 1.8.3. This has a "potential security issue", see http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114
> Even if this issue doesn't affect Validator, BeanUtils should be upgraded so that issue doesn't affect other users of BeanUtils given the screwy way some builders (e.g. Maven) resolve conflicting dependencies.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
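
The dependency concern raised in the issue can be checked on a downstream build. The following is an added example, not part of the original message or of Commons Validator: it parses `mvn dependency:tree` output and reports every resolved commons-beanutils older than a minimum version, together with the path that pulls it in. The sample tree is constructed, and the 1.9.2 threshold is an assumption taken from the release notes the issue links to.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not from the issue).
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0
[INFO] +- commons-validator:commons-validator:jar:1.4.1:compile
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] \- junit:junit:jar:4.12:test
"""

MIN_VERSION = (1, 9, 2)  # assumption: release whose notes the issue links to
# Indentation is built from 3-character groups: "|  ", "   ", "+- ", "\- ".
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)")


def version_tuple(text):
    """Turn '1.8.3' into (1, 8, 3); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", text))


def find_old_beanutils(tree_text, minimum=MIN_VERSION):
    """Return (version, path) for each resolved commons-beanutils below minimum."""
    findings, stack = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        parts = m.group(2).split(":")
        if len(parts) < 4:  # plugin banners, build summary lines, etc.
            continue
        depth = len(m.group(1)) // 3
        # The root line has no scope field; dependencies end in version:scope.
        version = parts[-1] if depth == 0 else parts[-2]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if (parts[:2] == ["commons-beanutils", "commons-beanutils"]
                and version_tuple(version) < minimum):
            findings.append((version, " -> ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_old_beanutils(SAMPLE_TREE):
        print(f"commons-beanutils {version} resolved via {path}")
```
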