intive-FDV / DynamicJasper

Dynamic Reports using Jasper Reports
http://intive-fdv.github.io/DynamicJasper/
GNU Lesser General Public License v3.0

Update commons-beanutils (fix for CVE-2014-0114) #73

Closed maclema closed 2 years ago

maclema commented 6 years ago

commons-beanutils 1.7.0 contains a vulnerability which may allow a user to execute arbitrary code (CVE-2014-0114). Regardless of whether DynamicJasper's usage of beanutils is vulnerable, there seems to be no reason to continue using the outdated dependency. Everything compiles and passes unit tests with the updated dependency.

juanalvarezg commented 6 years ago

Thanks, will merge and release this week