Merge pull request ESAPI#513 from kwwall/issue-512

xeno6696 · web-flow · commit 36872a082b06 · 2019-09-01T15:18:37.000-07:00
Close issue ESAPI#512 by updating to 1.9.4 of Commons Beans Util.
diff --git a/pom.xml b/pom.xml
@@ -171,8 +171,8 @@
         <dependency>
             <groupId>commons-beanutils</groupId>
             <artifactId>commons-beanutils</artifactId>
-            <!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. -->
-            <version>1.9.3</version>
+            <!-- We need to use 1.9.4 (or later) here to address CVE-2014-0114 and CVE-2019-10086. -->
+            <version>1.9.4</version>
             <!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use
                  commons-collections 4.2. Package names are different so this shouldn't
                  cause any problems as long as 3.x doesn't have any CVEs. May have to
