This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-beanutils.git
The following commit(s) were added to refs/heads/master by this push:
new 7634d8a3 Document release of CVE-2025-48734
7634d8a3 is described below
commit 7634d8a359f18f3b9ae311c685fe7639d4446f34
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Wed May 28 10:01:42 2025 -0400
Document release of CVE-2025-48734
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not
suppresses an enum's declaredClass property by default
(https://www.cve.org/CVERecord?id=CVE-2025-48734)
---
src/changes/changes.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index aa77fda4..b0586c0f 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -267,6 +267,7 @@
</release>
<release version="1.11.0" date="2025-05-25" description="This is a
maintenance release and requires Java 8.">
<!-- FIX -->
+ <action type="fix" dev="ggregory" due-to="Raj, Muthukumar Marikani, Gary
Gregory">CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not
suppresses an enum's declaredClass property by default
(https://www.cve.org/CVERecord?id=CVE-2025-48734).</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">BeanComparator.compare(T, T) now throws IllegalArgumentException
instead of RuntimeException to wrap all cases of
ReflectiveOperationException.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">MappedMethodReference.get() now throws IllegalStateException instead
of RuntimeException to wrap cases of NoSuchMethodException.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">ResultSetIterator.get(String) now throws IllegalArgumentException
instead of RuntimeException to wrap cases of SQLException.</action>
