Discussion:
commons-validator and commons-beanutils 1.9.2
Greg Huber
2018-08-29 07:05:18 UTC
Permalink
Hello,

Noticed that commons-validator uses commons-beanutils 1.9.2, there is 1.9.3
available without the vulnerable commons-collections 3.2.1. Although
commons-validator uses commons-collections 3.2.2 (overrides the 3.2.1). I
still get the commons-beanutils 1.9.2.

Will commons-validator be updated to use commons-beanutils 1.9.3?

Cheers Greg
Gary Gregory
2018-08-29 13:58:53 UTC
Permalink
Probably at some point yes, in the meantime you can just update the
dependency in your POM.

Gary
Post by Greg Huber
Hello,
Noticed that commons-validator uses commons-beanutils 1.9.2, there is 1.9.3
available without the vulnerable commons-collections 3.2.1. Although
commons-validator uses commons-collections 3.2.2 (overrides the 3.2.1). I
still get the commons-beanutils 1.9.2.
Will commons-validator be updated to use commons-beanutils 1.9.3?
Cheers Greg
Loading...