[
https://issues.apache.org/jira/browse/UNOMI-836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Sinovassin-Naïk updated UNOMI-836:
-------------------------------------------
Description:
Remove apache-beanutils, last release was in 2019 and it's using
commons-collections 3.2.2 which bring some vulnerabilities
We are using apache-beanutils to access easily to to the event or profile
object fields.
I did not check yet if there is an alternative to apache-beanutils. Maybe
jackson can be used to replace it
We could implement the behaviour of the library, but it might be complex. We
might have to use reflection in java and the methods of the library is used in
many places in Unomi
was:Remove apache-beanutils, last release was in 2019 and it's using
commons-collections 3.2.2 which bring some vulnerabilities
> Remove apache-beanutils
> -----------------------
>
> Key: UNOMI-836
> URL: https://issues.apache.org/jira/browse/UNOMI-836
> Project: Apache Unomi
> Issue Type: Task
> Reporter: Jonathan Sinovassin-Naïk
> Priority: Major
>
> Remove apache-beanutils, last release was in 2019 and it's using
> commons-collections 3.2.2 which bring some vulnerabilities
> We are using apache-beanutils to access easily to to the event or profile
> object fields.
> I did not check yet if there is an alternative to apache-beanutils. Maybe
> jackson can be used to replace it
> We could implement the behaviour of the library, but it might be complex. We
> might have to use reflection in java and the methods of the library is used
> in many places in Unomi
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
