Merge pull request #196 from Malarvzh/BeanUtilVersionChange

sujitharamadass · web-flow · commit c98f5fbccfef · 2023-02-07T10:49:14.000+05:30
Fixing vulnerability in the BeanUtil library.
diff --git a/ipp-v3-java-devkit/pom.xml b/ipp-v3-java-devkit/pom.xml
@@ -84,7 +84,12 @@
         <exclusion> 
           <groupId>commons-collections</groupId>  
           <artifactId>commons-collections</artifactId> 
-        </exclusion> 
+        </exclusion>
+        <!-- Fix to exclude commons-beanutils 1.7 due to security vulnerability and bring in 1.9.4-->
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils</artifactId>
+        </exclusion>
       </exclusions> 
     </dependency>  
     <!-- https://mvnrepository.com/artifact/commons-collections/commons-collections -->  
@@ -93,7 +98,14 @@
       <groupId>commons-collections</groupId>  
       <artifactId>commons-collections</artifactId>  
       <version>3.2.2</version> 
-    </dependency>  
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/commons-beanutils/commons-beanutils -->
+    <!-- 1.9.4 fixes vulnerability -->
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>1.9.4</version>
+    </dependency>
     <dependency> 
       <groupId>commons-io</groupId>  
       <artifactId>commons-io</artifactId>  
