commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (VALIDATOR-357) Upgrade BeanUtils
Date Thu, 26 Nov 2015 16:42:11 GMT

     [ https://issues.apache.org/jira/browse/VALIDATOR-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebb updated VALIDATOR-357:
---------------------------
    Fix Version/s:     (was: 1.5.0)

> Upgrade BeanUtils
> -----------------
>
>                 Key: VALIDATOR-357
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-357
>             Project: Commons Validator
>          Issue Type: New Feature
>          Components: Framework
>    Affects Versions: 1.1.3 Release, 1.2.0 Release, 1.3.0 Release, 1.3.1 Release, 1.4.0
Release, 1.4.1 Release
>            Reporter: David Dillard
>            Priority: Minor
>
> Validator 1.41 depends on BeanUtils 1.8.3.  This has a "potential security issue", see
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt  Also,
see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114
> Even if this issue doesn't affect Validator, BeanUtils should be upgraded so that issue
issue doesn't affect other users of BeanUtils given the screwy way some builders (e.g. Maven)
resolve conflicting dependencies.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message