Jon Champlin
2018-02-14 21:11:08 UTC
We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities. I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?