apache commons dependency security bug
Brought to you by: aruckerjones, sconway
Bug notification: https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/
And also these:
I have a service I'm no longer able to run because of this issue. If a patch to the latest apache.commons (especially the text library) is not feasible, I'll need to rewrite with another library.
We just released version 5.7.1 to address the Commons Text vulnerability.
As for the Commons Collections vulnerability, we use Commons Collections 4.4 and have for a long time. The problem is BeanUtils, which still has not upgraded from Commons Collections 3. Our code does not use the vulnerable Commons Collections. See https://sourceforge.net/p/opencsv/feature-requests/154/
Superb. Thank you!