[
https://issues.apache.org/jira/browse/VALIDATOR-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17293858#comment-17293858
]
Lonzak commented on VALIDATOR-357:
----------------------------------
This can be closed Beanutils was updated to 1.9.4
> Upgrade BeanUtils
> -----------------
>
> Key: VALIDATOR-357
> URL: https://issues.apache.org/jira/browse/VALIDATOR-357
> Project: Commons Validator
> Issue Type: New Feature
> Components: Framework
> Affects Versions: 1.1.3 Release, 1.2.0 Release, 1.3.0 Release, 1.3.1
> Release, 1.4.0 Release, 1.4.1 Release
> Reporter: David Dillard
> Priority: Minor
>
> Validator 1.41 depends on BeanUtils 1.8.3. This has a "potential security
> issue", see
> http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
> Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114
> Even if this issue doesn't affect Validator, BeanUtils should be upgraded so
> that issue issue doesn't affect other users of BeanUtils given the screwy way
> some builders (e.g. Maven) resolve conflicting dependencies.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
