commons-beanutils update to 1.10.1
Brought to you by:
aruckerjones,
sconway
Please update commons-beanutils:commons-beanutils
from 1.10.0
to 1.10.1
.
Reason: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.10.1 has a concurrency issue hotfix.
Most probably this project is not affected directly as it's not using org.apache.commons.beanutils.FluentPropertyBeanIntrospector
, but this dependency has compile scope and can be transitively used by the project depending on opencsv.
Please update to 1.11.0 at least. The transitive dependency is being flagged for CVE-2025-48734
I will try and look at that this weekend.
A better move would be to consider commons-beanutils2, as commons-beanutils 1.x contains commons-collections 3.x, which has sonatype-2024-3350