We are working towards a release but there is no schedule. I expect to create a release candidate within the next few weeks.
Gary On Tue, Sep 3, 2024, 2:20 PM Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com.invalid> wrote: > Team > > > > Can someone please help me with an answer. Is there any plan to release a > stable version of *BeanUtils2.* > > > > My understanding is that this is the way to step away from Apache Commons > 3.2.2 > > > > Sonatype rules indicate Apache Commons 3.2.2 as vulnerable. > > > > Regards > > Vinay > > *From:* Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com> > *Sent:* Thursday, August 29, 2024 9:13 AM > *To:* user@commons.apache.org > *Subject:* beanutils2 | Planned Release Date > > > > > > Good Afternoon. We at Fiserv use Apache commons libraries in our web > applications. I am just curious to know when is Apache planning to release > a stable version of *BeanUtils2. *This is because we are still using > BeanUtils which in turn has a dependency on Apache Commons 3.2.2 > > > > A recent vulnerability discovered in Apache Commons 3.2.2 requires us to > upgrade this version, which means a new version of BeanUtils that uses > Apache Commons 4 > > > > Appreciate your feedback/response. > > > > - There is a *resolution > <https://issues.apache.org/jira/browse/COLLECTIONS-701>* to the > *vulnerability > <https://issues.apache.org/jira/browse/COLLECTIONS-701>* available in > commons-collections (*4.3 > > <https://issues.apache.org/jira/issues/?jql=project+%3D+COLLECTIONS+AND+fixVersion+%3D+4.3>* > ). > > > > > > Regards > > Vinay >
