Hello Vinay, Did you see the responses on the [email protected] mailing list?
https://lists.apache.org/thread/36tgd2vrzc6tdzrskz603ooxblygw4z9 It's difficult to give more specific estimates. Kind regards, Arnout On Thu, Sep 12, 2024 at 5:46 PM Modi, Vinay (Berkeley Heights) <[email protected]> wrote: > > Apache Team > > > > Can someone please acknowledge or direct me to the right group > > > > Regards > > Vinay > > > > From: Modi, Vinay (Berkeley Heights) > Sent: Tuesday, September 3, 2024 2:12 PM > To: [email protected]; [email protected]; [email protected]; > [email protected]; [email protected] > Cc: Commons Security <[email protected]> > Subject: RE: beanutils2 | Planned Release Date > > > > Team > > > > Can someone please help me with an answer. Is there any plan to release a > stable version of BeanUtils2. > > > > My understanding is that this is the way to step away from Apache Commons > 3.2.2 > > > > Sonatype rules indicate Apache Commons 3.2.2 as vulnerable. > > > > Regards > > Vinay > > From: Modi, Vinay (Berkeley Heights) <[email protected]> > Sent: Thursday, August 29, 2024 9:13 AM > To: [email protected] > Subject: beanutils2 | Planned Release Date > > > > > > Good Afternoon. We at Fiserv use Apache commons libraries in our web > applications. I am just curious to know when is Apache planning to release a > stable version of BeanUtils2. This is because we are still using BeanUtils > which in turn has a dependency on Apache Commons 3.2.2 > > > > A recent vulnerability discovered in Apache Commons 3.2.2 requires us to > upgrade this version, which means a new version of BeanUtils that uses Apache > Commons 4 > > > > Appreciate your feedback/response. > > > > There is a resolution to the vulnerability available in commons-collections > (4.3). > > > > > > Regards > > Vinay -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
