Request to upgrade dependency on commons-beanutils to 1.9.3-RC1

SomMeri / less4j

Less language is an extension of css and less4j compiles it into regular css. Less adds several dynamic features into css: variables, expressions, nested rules, and so on. Less was designed to be compatible with css and any correct css file is also correct less file.

146 stars 47 forks source link

Request to upgrade dependency on commons-beanutils to 1.9.3-RC1 #346

Open sherrybomb opened 8 years ago

sherrybomb commented 8 years ago

commons-beanutils 1.8.3 depends on commons-collections 3.2.1. There is a high severity security vulnerability with commons-collections 3.2.1 - see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6420#VulnChangeHistoryDiv

The latest release of commons-beanutils, 1.9.3-RC1, depends on commons-collections 3.2.2 which does not have the vulnerability. See https://commons.apache.org/proper/commons-collections/release_3_2_2.html

Josef-Reichardt commented 8 years ago

robertoschwald commented 6 years ago

+1 Is the project dead?