[ 
https://issues.apache.org/jira/browse/VALIDATOR-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17250723#comment-17250723
 ] 

Taufiq Hoven edited comment on VALIDATOR-390 at 12/17/20, 1:47 AM:
-------------------------------------------------------------------

With the identification of security vulnerabilities in [Commons Collections 
3.2.2|https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711], dependency 
scanning tools are marking Commons Validator as vulnerable through that 
dependency. While Validator itself may not be affected if it's not using 
vulnerable code (I haven't confirmed either way), anyone in organisations that 
mandate removal/upgrade of vulnerable libraries will be impacted.


was (Author: taufiqhoven):
With the identification of security vulnerabilities in [Commons Collections 
3.2.2|[https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711]] , dependency 
scanning tools are marking Commons Validator as vulnerable through that 
dependency. While Validator itself may not be affected if it's not using 
vulnerable code (I haven't confirmed either way), anyone in organisations that 
mandate removal/upgrade of vulnerable libraries will be impacted.

> Upgrade to Commons Collections 4.x
> ----------------------------------
>
>                 Key: VALIDATOR-390
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-390
>             Project: Commons Validator
>          Issue Type: Improvement
>            Reporter: Jake Brownell
>            Priority: Minor
>
> Commons Validator 1.5 now uses Java 1.6. Commons Collections 4.0/4.1 has the 
> same Java requirement.
> I noticed that CV seems to be the only one of many third party dependencies 
> in my project that requires CC 3.2.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
