Probably at some point yes, in the meantime you can just update the dependency in your POM.
Gary On Wed, Aug 29, 2018 at 1:05 AM Greg Huber <[email protected]> wrote: > Hello, > > Noticed that commons-validator uses commons-beanutils 1.9.2, there is 1.9.3 > available without the vulnerable commons-collections 3.2.1. Although > commons-validator uses commons-collections 3.2.2 (overrides the 3.2.1). I > still get the commons-beanutils 1.9.2. > > Will commons-validator be updated to use commons-beanutils 1.9.3? > > Cheers Greg >
