Jar file version 1.0.1 contains not used package 'org.apache.commons.collections.*'

jiaqi / jmxterm

Interactive command line JMX client

http://docs.cyclopsgroup.org/jmxterm

Apache License 2.0

519 stars 155 forks source link

Open toutzhang opened 4 years ago

toutzhang commented 4 years ago

Version 1.0.1 jar file contains package 'org.apache.commons.collections.*', which was not used anymore. Please remove it in future release.

toutzhang commented 4 years ago

What's more, commons-beanutils can be update to 1.9.4. FYI, https://www.cvedetails.com/cve/CVE-2019-10086/