CVE-2019-10086. Apache Commons Beanutils does not suppress the class property
in PropertyUtilsBean by default.
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: commons-beanutils-1.9.3 and earlier
Description: A special BeanIntrospector class was added in version 1.9
The Apache Commons Team is pleased to announce the release of
Apache Commons BeanUtils 1.9.4.
The Apache Commons BeanUtils open source software library provides
easy-to-use wrappers around the Java reflection and introspection APIs.
Source and binary distributions are available for download from
+1
On 12.08.2019 at 14:48, Gary Gregory wrote:
Hi All,
I'm thinking that our components source repo page should also include a
link to the GitHub version of the repo.
Thoughts?
Gary
This VOTE passes with the following +1 binding votes:
- Bruno P. Kinoshita
- Rob Tompkins
- Gary Gregory
Otto Fowler cast a +1 non-binding vote.
Thank you all!
Gary
On Tue, Aug 13, 2019 at 6:50 PM Rob Tompkins wrote:
> +1 all ok, builds to site on java 8, tests out on java 11.
>
> > On Au
My +1
Gary
On Sun, Aug 11, 2019 at 5:50 AM Gary Gregory wrote:
> We have fixed 2 bugs and enhanced Javadocs since Apache Commons VFS 2.4
> was released, so I would like to release Apache Commons VFS 2.4.1.
>
> Apache Commons VFS 2.4.1 RC1 is available for review here:
> https://dist.apache.
We all understood each other in a brief email thread, remarkable! :-)
Gary
On Wed, Aug 14, 2019 at 9:00 AM Matt Sicker wrote:
> Yes, I think you understand us. A strategy pattern with default sensible
> strategies to choose.
>
> On Wed, Aug 14, 2019 at 06:08, Stefan Bodewig wrote:
>
> > On 201
Yes, I think you understand us. A strategy pattern with default sensible
strategies to choose.
On Wed, Aug 14, 2019 at 06:08, Stefan Bodewig wrote:
> On 2019-08-13, Matt Sicker wrote:
>
> > The enum makes sense. Are there any feasible ways to, say, configure
> > some sort of handler class that c
On 2019-08-13, Matt Sicker wrote:
> The enum makes sense. Are there any feasible ways to, say, configure
> some sort of handler class that can implement logic around unknown
> fields?
Not really. The only extension point here currently is plugging in your
own implementations of ZipExtraField via