subject:"\[GitHub\] \[commons\-beanutils\] dguiney commented on issue #7\: BEANUTILS\-520\: Mitigate CVE\-2014\-0114 by enabling SuppressPropertiesB…"

[GitHub] [commons-beanutils] dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…

2019-10-01 Thread GitBox

dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB… URL: https://github.com/apache/commons-beanutils/pull/7#issuecomment-537179737 Just to follow up. If the security violation is because of trying to access the properties of "class" . Why n

[GitHub] [commons-beanutils] dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…

2019-10-01 Thread GitBox

dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB… URL: https://github.com/apache/commons-beanutils/pull/7#issuecomment-537179020 Perfect. thanks @melloware This is an autom

[GitHub] [commons-beanutils] dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…

2019-10-01 Thread GitBox

dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB… URL: https://github.com/apache/commons-beanutils/pull/7#issuecomment-537176485 I upgraded my lib to 1.9.4 and added the suggested opt-out to my code. But PropertyUtilsBean.getSimpleP