[jira] [Created] (VALIDATOR-357) Upgrade BeanUtils

David Dillard (JIRA) Thu, 15 Jan 2015 06:54:06 -0800

David Dillard created VALIDATOR-357:
---------------------------------------


             Summary: Upgrade BeanUtils
                 Key: VALIDATOR-357
                 URL: https://issues.apache.org/jira/browse/VALIDATOR-357
             Project: Commons Validator
          Issue Type: New Feature
          Components: Framework
    Affects Versions: 1.4.1 Release, 1.4.0 Release, 1.3.1 Release, 1.3.0 
Release, 1.2.0 Release, 1.1.3 Release
            Reporter: David Dillard
            Priority: Minor


Validator 1.41 depends on BeanUtils 1.8.3.  This has a "potential security 
issue", see 
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
  Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114

Even if this issue doesn't affect Validator, BeanUtils should be upgraded so 
that issue issue doesn't affect other users of BeanUtils given the screwy way 
some builders (e.g. Maven) resolve conflicting dependencies.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (VALIDATOR-357) Upgrade BeanUtils

Reply via email to