Update Apache Commons Bean Utils to 1.9.4 #512

Closed
kwwall opened this issue Aug 27, 2019 · 1 comment
Labels: Security, Vulnerable Dependencies (Vulnerable 3rd party components needing patched)

Comments

kwwall commented Aug 27, 2019

This is to fix the Java deserialization vulnerability in Apache Commons Bean Utils identified by Snyk. This is related to a part of CVE-2014-0114 that was not originally patched.

This issue was mentioned as an "Open Issue" in the ESAPI 2.2.0.0 release notes.

kwwall added Security, Vulnerable Dependencies (Vulnerable 3rd party components needing patched) labels Aug 27, 2019
kwwall added this to the 2.3 milestone Aug 27, 2019
kwwall self-assigned this Aug 27, 2019
xeno6696 added a commit that referenced this issue Sep 1, 2019
Close issue #512 by updating to 1.9.4 of Commons Beans Util.
kwwall commented Sep 19, 2019

Closed via PR #513

kwwall closed this as completed Sep 19, 2019