[ https://issues.apache.org/jira/browse/VALIDATOR-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb updated VALIDATOR-357: --------------------------- Fix Version/s: (was: 1.5.0) > Upgrade BeanUtils > ----------------- > > Key: VALIDATOR-357 > URL: https://issues.apache.org/jira/browse/VALIDATOR-357 > Project: Commons Validator > Issue Type: New Feature > Components: Framework > Affects Versions: 1.1.3 Release, 1.2.0 Release, 1.3.0 Release, 1.3.1 > Release, 1.4.0 Release, 1.4.1 Release > Reporter: David Dillard > Priority: Minor > > Validator 1.41 depends on BeanUtils 1.8.3. This has a "potential security > issue", see > http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt > Also, see http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2014-0114 > Even if this issue doesn't affect Validator, BeanUtils should be upgraded so > that issue issue doesn't affect other users of BeanUtils given the screwy way > some builders (e.g. Maven) resolve conflicting dependencies. -- This message was sent by Atlassian JIRA (v6.3.4#6332)