commons-validator and commons-beanutils 1.9.2

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

commons-validator and commons-beanutils 1.9.2

Greg Huber
Hello,

Noticed that commons-validator uses commons-beanutils 1.9.2, there is 1.9.3
available without the vulnerable commons-collections 3.2.1.  Although
commons-validator uses commons-collections 3.2.2 (overrides the 3.2.1).  I
still get the commons-beanutils 1.9.2.

Will commons-validator be updated to use commons-beanutils 1.9.3?

Cheers Greg
Reply | Threaded
Open this post in threaded view
|

Re: commons-validator and commons-beanutils 1.9.2

garydgregory
Probably at some point yes, in the meantime you can just update the
dependency in your POM.

Gary

On Wed, Aug 29, 2018 at 1:05 AM Greg Huber <[hidden email]> wrote:

> Hello,
>
> Noticed that commons-validator uses commons-beanutils 1.9.2, there is 1.9.3
> available without the vulnerable commons-collections 3.2.1.  Although
> commons-validator uses commons-collections 3.2.2 (overrides the 3.2.1).  I
> still get the commons-beanutils 1.9.2.
>
> Will commons-validator be updated to use commons-beanutils 1.9.3?
>
> Cheers Greg
>