Hello. :)
I checked this project with DependencyCheck and found that several modules depend on an older version of commons-collections with a known vulnerability:
One or more dependencies were identified with known vulnerabilities in JAXB2 Basics - Full Plugins JAR:
commons-collections-3.2.1.jar (commons-collections:commons-collections:3.2.1, cpe:/a:apache:commons_collections:3.2.1) : CVE-2015-6420
Turns out this is pulled in via an older version of commons-beanutils, so I've upgraded that to the latest release. See http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.3/RELEASE-NOTES.txt for more details
According to DependencyCheck (mvn dependency-check:check), it looks like one of the modules also depends on some older versions of spring, but I haven't looked closer at this.
mvn clean install still ran successfully.