  1. MyFaces Core
  2. MYFACES-4032

upgrade common-beanutils to 1.9.2


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.2.8, 2.2.9
    • Fix Version/s: 2.2.10
    • Component/s: None
    • Labels: None

    Description

      Hello,

      We have received a report of a security-vulnerable library, common-beanutils-1.8.3. Myfaces-impl depends on this library, which is downloaded to the application's WEB-INF/lib during packaging.

      Could you please upgrade to the latest release, 1.9.2, of common-beanutils and make use of 'SuppressPropertiesBeanIntrospector'?

      More details can be found here:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
      http://openwall.com/lists/oss-security/2014/06/15/10
      http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
      https://issues.apache.org/jira/browse/BEANUTILS-463
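
The configuration requested above, as an added example (not part of the original report and not MyFaces code): it registers `SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS` on a BeanUtils `PropertyUtilsBean` and fails fast if the `class` property is still resolvable. The `BeanUtilsHardening` and `SampleBean` names are constructed for illustration, and commons-beanutils 1.9.2 with its dependencies is assumed to be on the classpath.

```java
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class BeanUtilsHardening {

    // Constructed sample bean standing in for an application backing bean.
    public static class SampleBean {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    /**
     * Registers the introspector that hides the "class" property (the
     * getClass() accessor every object inherits) on the given instance.
     * Call it before the instance introspects any bean, because property
     * descriptors are cached per class; clearDescriptors() drops any
     * descriptors cached earlier.
     */
    public static BeanUtilsBean harden(BeanUtilsBean beanUtils) {
        PropertyUtilsBean props = beanUtils.getPropertyUtils();
        props.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        props.clearDescriptors();
        return beanUtils;
    }

    /** Startup check: throws if "class" can still be resolved as a property. */
    public static void verify(BeanUtilsBean beanUtils) throws Exception {
        PropertyUtilsBean props = beanUtils.getPropertyUtils();
        SampleBean bean = new SampleBean();
        if (props.getPropertyDescriptor(bean, "class") != null) {
            throw new IllegalStateException("'class' property is still exposed");
        }
        // Ordinary properties must keep working after hardening.
        props.setProperty(bean, "name", "ok");
        if (!"ok".equals(bean.getName())) {
            throw new IllegalStateException("regular property access is broken");
        }
    }

    public static void main(String[] args) throws Exception {
        // BeanUtilsBean.getInstance() is the per-classloader instance used by
        // the static BeanUtils/PropertyUtils helper methods.
        BeanUtilsBean shared = harden(BeanUtilsBean.getInstance());
        verify(shared);
        System.out.println("class property suppressed on shared BeanUtilsBean");
    }
}
```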

          People

            Assignee: lu4242 Leonardo Uribe
            Reporter: pujar.santosh Santosh P
            Votes: 0
            Watchers: 2
