Hello Vinay, Did you see the responses on the user@commons.apache.org mailing list?
https://lists.apache.org/thread/36tgd2vrzc6tdzrskz603ooxblygw4z9 It's difficult to give more specific estimates. Kind regards, Arnout On Thu, Sep 12, 2024 at 5:46 PM Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com.invalid> wrote: > > Apache Team > > > > Can someone please acknowledge or direct me to the right group > > > > Regards > > Vinay > > > > From: Modi, Vinay (Berkeley Heights) > Sent: Tuesday, September 3, 2024 2:12 PM > To: user@commons.apache.org; brit...@apache.org; simonetrip...@apache.org; > mcucchi...@apache.org; grobme...@apache.org > Cc: Commons Security <secur...@commons.apache.org> > Subject: RE: beanutils2 | Planned Release Date > > > > Team > > > > Can someone please help me with an answer. Is there any plan to release a > stable version of BeanUtils2. > > > > My understanding is that this is the way to step away from Apache Commons > 3.2.2 > > > > Sonatype rules indicate Apache Commons 3.2.2 as vulnerable. > > > > Regards > > Vinay > > From: Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com> > Sent: Thursday, August 29, 2024 9:13 AM > To: user@commons.apache.org > Subject: beanutils2 | Planned Release Date > > > > > > Good Afternoon. We at Fiserv use Apache commons libraries in our web > applications. I am just curious to know when is Apache planning to release a > stable version of BeanUtils2. This is because we are still using BeanUtils > which in turn has a dependency on Apache Commons 3.2.2 > > > > A recent vulnerability discovered in Apache Commons 3.2.2 requires us to > upgrade this version, which means a new version of BeanUtils that uses Apache > Commons 4 > > > > Appreciate your feedback/response. > > > > There is a resolution to the vulnerability available in commons-collections > (4.3). > > > > > > Regards > > Vinay -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@commons.apache.org For additional commands, e-mail: user-h...@commons.apache.org
