
#170 commons-collections transitive dependency in opencsv:5.10

open
nobody
6
2025-03-05
2025-03-05
No

There is a transitive dependency on commons-collections:3.2.2 in opencsv:5.10 from commons-beanutils:1.9.4. Due to commons-collections:3.2.2 being EOL, there are security vulnerabilities (sonatype-2024-3350) for the same.

This ticket is to track when the new release of opencsv would not contain the vulnerable commons-collections:3.2.2 by upgrading the commons-beanutils dependency.

Discussion

