Hi,
Are there plans to bump the dependency for commons-beanutils to v1.11.0 in upcoming releases?
CVE-2025-48734 has been flagged in Dependency-Check v12.1.0.
Trivy Scan:
{
"VulnerabilityID": "CVE-2025-48734",
"PkgName": "commons-beanutils:commons-beanutils",
"PkgPath": "usr/share/dependency-check/lib/commons-beanutils-1.9.4.jar",
"PkgIdentifier": {
"PURL": "pkg:maven/commons-beanutils/commons-beanutils@1.9.4",
"UID": "e6a50b692f42c7fb"
},
"InstalledVersion": "1.9.4",
"FixedVersion": "1.11.0",
"Status": "fixed",