CVE-2014-0114

Should we bump commons-beanutils-1.8.0.jar to the latest 1.9.3? struts2-tiles-plugin Cheers Greg

CVE-2014-0114

Sorry, a bit more info, I am replacing/removing commons-validator 1.6 which brings beanutils 1.9.3, now checking the jars, it now reverts back to 1.8.0, This is the hierarchy reported using eclipse : struts2-tiles-plugin 2.5.16 tiles-core 3.0.7 commons-digester 2.0 commons-beanutils

Re: CVE-2014-0114

1++ commons-beanutils-1.9.3.jar works here in production since ages. Markus Am 24.06.2018 um 11:37 schrieb Greg Huber: > Should we bump commons-beanutils-1.8.0.jar to the latest 1.9.3? > > struts2-tiles-plugin > > Cheers Greg > ---

Build failed in Jenkins: Struts-master-JDK7-dependency-check #77

See -- [...truncated 1.23 MB...] [INFO] --- maven-compiler-plugin:3.5.1:compile (default-compile) @ struts2-tiles-plugin --- [INFO] Changes detected - recompiling the m

Re: CVE-2014-0114

Looks like its already been done in 2.6-SNAPSHOT update commons-beanutils dependency to version 1.9.3 Issue: WW-4926 On 24 June 2018 at 12:25, i...@flyingfischer.ch wrote: > 1++ > > commons-beanutils-1.9.3.jar works here in production since ages. > > Markus > > Am 24.06.2018 um 11:37 schrieb Gr