Re: [beanutils2] CVE-2014-0114 Pull Request

2019-05-25 Thread Rob Tompkins
> On May 25, 2019, at 3:15 PM, Matt Sicker wrote:
>
> Hi, I've gone ahead and approved it after review. Since I'm not active
> in beanutils, I'd prefer someone else to either merge it or add an
> approval review first. My company has also been moving toward
> eliminating vulnerable versions of

Re: [beanutils2] CVE-2014-0114 Pull Request

2019-05-25 Thread Matt Sicker
Hi, I've gone ahead and approved it after review. Since I'm not active in beanutils, I'd prefer someone else to either merge it or add an approval review first. My company has also been moving toward eliminating vulnerable versions of dependencies, and we use beanutils (1.9.x currently) in some lim

[beanutils2] CVE-2014-0114 Pull Request

2019-05-23 Thread Melloware Inc
Hey All! First time contributor here. My company has a corporate goal to only use open source libraries with NO open Security CVEs marked as critical. BeanUtils has CVE-2014-0114 marked as critical so I opened a ticket: https://issues.apache.org/jira/browse/BEANUTILS-520 I submitted my first