Less language is an extension of css and less4j compiles it into regular css. Less adds several dynamic features into css: variables, expressions, nested rules, and so on. Less was designed to be compatible with css and any correct css file is also correct less file.
Less4j depends on commons-beanutils:commons-beanutils:1.8.3 which has a vulnerqbility s reported by the NVD. At the moment, there is no released version of commons-beanutils that is not vulnerable. This is related to Issue 346 since it is also being caused by the same dependency, but hte vulnerability is different.
robertoschwald
commented
6 years ago
Less4j depends on commons-beanutils:commons-beanutils:1.8.3 which has a vulnerqbility s reported by the NVD. At the moment, there is no released version of commons-beanutils that is not vulnerable. This is related to Issue 346 since it is also being caused by the same dependency, but hte vulnerability is different.
Issue 346: https://github.com/SomMeri/less4j/issues/346
NVD Report: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114