#127 commons-beanutils update to 1.10.1

v1.0 (example)
open
None
5
2025-06-11
2025-02-17
No

Please update commons-beanutils:commons-beanutils from 1.10.0 to 1.10.1.
Reason: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.10.1 has a concurrency issue hotfix.
Most probably this project is not affected directly as it's not using org.apache.commons.beanutils.FluentPropertyBeanIntrospector, but this dependency has compile scope and can be transitively used by the project depending on opencsv.

Discussion

  • Jim Sellers

    Jim Sellers - 2025-05-28

    Please update to 1.11.0 at least. The transitive dependency is being flagged for CVE-2025-48734.

     
  • Scott Conway

    Scott Conway - 2025-05-29

    I will try and look at that this weekend.

     
  • Silviu Burcea

    Silviu Burcea - 2025-06-11

    A better move would be to consider commons-beanutils2, as commons-beanutils 1.x contains commons-collections 3.x, which has sonatype-2024-3350.
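
For projects that receive commons-beanutils transitively through opencsv, as the ticket describes, the following added example (not part of the ticket or of opencsv's code) scans `mvn dependency:tree` output for a `commons-beanutils:commons-beanutils` node below 1.11.0, the minimum version requested in the discussion, and reports the path that pulls it in. The sample tree is constructed and the application and opencsv versions in it are placeholders.

```python
import re

# Minimum version requested in the discussion for CVE-2025-48734.
MIN_SAFE = (1, 11, 0)
# Only the 1.x coordinate is checked; commons-beanutils2 uses a different one.
TARGET = "commons-beanutils:commons-beanutils"

# Constructed sample of `mvn dependency:tree` output (not from the ticket).
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:0.0.1
[INFO] +- com.opencsv:opencsv:jar:0.0.0-PLACEHOLDER:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.17.0:compile
[INFO] |  \\- commons-beanutils:commons-beanutils:jar:1.10.0:compile
[INFO] |     \\- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] \\- org.junit.jupiter:junit-jupiter:jar:5.11.0:test
"""

def parse_version(text):
    """Leading numeric components as a 3-tuple, or None if not numeric."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def find_outdated(tree_text, min_safe=MIN_SAFE):
    """Return (version, scope, path) for each TARGET node below min_safe."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        # Tree prefix is built from 3-character units: "+- ", "|  ", "\- ", "   ".
        m = re.match(r"\[INFO\] ((?:[|+\\ -]{3})*)(\S+:\S+)$", line)
        if not m:
            continue
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        if len(parts) < 4:
            continue  # not a group:artifact:type:version[:scope] coordinate
        ga = ":".join(parts[:2])
        # The root node has no scope field; dependency nodes end with one.
        version, scope = (parts[-1], None) if depth == 0 else (parts[-2], parts[-1])
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(ga)
        if ga == TARGET:
            parsed = parse_version(version)
            # An unparseable version is reported rather than silently passed.
            if parsed is None or parsed < min_safe:
                findings.append((version, scope, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, scope, path in find_outdated(SAMPLE_TREE):
        print(f"{TARGET} {version} ({scope}) via {path}")
```
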

     
