Discussion:
[VALIDATOR] Update of packages used by Validator?
Jon Champlin
2018-02-14 21:11:08 UTC
Permalink
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
Gary Gregory
2018-03-13 19:20:53 UTC
Permalink
I just updated in svn trunk the dependency Apache Commons BeanUtils from
1.9.2 to 1.9.3.

My hope is to see the community:

- Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
- Release Apache Commons Parent 45 (referencing Apache Commons Release
plugin 1.1)
- Release other Apache Commons components like Validator.

Gary
Post by Jon Champlin
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
Rob Tompkins
2018-03-13 19:47:26 UTC
Permalink
Post by Gary Gregory
I just updated in svn trunk the dependency Apache Commons BeanUtils from
1.9.2 to 1.9.3.
- Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
- Release Apache Commons Parent 45 (referencing Apache Commons Release
plugin 1.1)
- Release other Apache Commons components like Validator.
My plan is to test run commons-parent 45 on the next release. I’m indifferent over whether it’s Commons Text or Commons Validator. Is there a preference?

-Rob
Post by Gary Gregory
Gary
Post by Jon Champlin
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
---------------------------------------------------------------------
To unsubscribe, e-mail: user-***@commons.apache.org
For additional commands, e-mail: user-***@commons.apache.org
Gary Gregory
2018-03-13 19:48:36 UTC
Permalink
Post by Gary Gregory
I just updated in svn trunk the dependency Apache Commons BeanUtils from
1.9.2 to 1.9.3.
- Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
- Release Apache Commons Parent 45 (referencing Apache Commons Release
plugin 1.1)
- Release other Apache Commons components like Validator.
My plan is to test run commons-parent 45 on the next release. I’m
indifferent over whether it’s Commons Text or Commons Validator. Is there a
preference?
Selfishly, I have a need for new Commons Text sooner rather than later.

Gary
-Rob
Post by Gary Gregory
Gary
Post by Jon Champlin
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near
future to
Post by Gary Gregory
Post by Jon Champlin
release a new version of commons-validator that had the latest version
of
Post by Gary Gregory
Post by Jon Champlin
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
---------------------------------------------------------------------
Rob Tompkins
2018-03-13 19:51:39 UTC
Permalink
Post by Gary Gregory
Post by Rob Tompkins
Post by Gary Gregory
I just updated in svn trunk the dependency Apache Commons BeanUtils from
1.9.2 to 1.9.3.
- Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
- Release Apache Commons Parent 45 (referencing Apache Commons Release
plugin 1.1)
- Release other Apache Commons components like Validator.
My plan is to test run commons-parent 45 on the next release. I’m
indifferent over whether it’s Commons Text or Commons Validator. Is there a
preference?
Selfishly, I have a need for new Commons Text sooner rather than later.
Ok. I’ll try to do both fairly quickly. It shouldn’t be too bad as the work to release is now smaller.

-Rob
Post by Gary Gregory
Gary
Post by Rob Tompkins
-Rob
Post by Gary Gregory
Gary
Post by Jon Champlin
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near
future to
Post by Gary Gregory
Post by Jon Champlin
release a new version of commons-validator that had the latest version
of
Post by Gary Gregory
Post by Jon Champlin
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: user-***@commons.apache.org
For additional commands, e-mail: user-***@commons.apache.org

Loading...