We should have a release candidate within a month or so. Gary
On Thu, Sep 12, 2024, 11:55 AM Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com.invalid> wrote: > Apache Team > > > > Can someone please acknowledge or direct me to the right group > > > > Regards > > Vinay > > > > *From:* Modi, Vinay (Berkeley Heights) > *Sent:* Tuesday, September 3, 2024 2:12 PM > *To:* user@commons.apache.org; brit...@apache.org; > simonetrip...@apache.org; mcucchi...@apache.org; grobme...@apache.org > *Cc:* Commons Security <secur...@commons.apache.org> > *Subject:* RE: beanutils2 | Planned Release Date > > > > Team > > > > Can someone please help me with an answer. Is there any plan to release a > stable version of *BeanUtils2.* > > > > My understanding is that this is the way to step away from Apache Commons > 3.2.2 > > > > Sonatype rules indicate Apache Commons 3.2.2 as vulnerable. > > > > Regards > > Vinay > > *From:* Modi, Vinay (Berkeley Heights) <vinay.m...@fiserv.com> > *Sent:* Thursday, August 29, 2024 9:13 AM > *To:* user@commons.apache.org > *Subject:* beanutils2 | Planned Release Date > > > > > > Good Afternoon. We at Fiserv use Apache commons libraries in our web > applications. I am just curious to know when is Apache planning to release > a stable version of *BeanUtils2. *This is because we are still using > BeanUtils which in turn has a dependency on Apache Commons 3.2.2 > > > > A recent vulnerability discovered in Apache Commons 3.2.2 requires us to > upgrade this version, which means a new version of BeanUtils that uses > Apache Commons 4 > > > > Appreciate your feedback/response. > > > > - There is a *resolution > <https://issues.apache.org/jira/browse/COLLECTIONS-701>* to the > *vulnerability > <https://issues.apache.org/jira/browse/COLLECTIONS-701>* available in > commons-collections (*4.3 > > <https://issues.apache.org/jira/issues/?jql=project+%3D+COLLECTIONS+AND+fixVersion+%3D+4.3>* > ). > > > > > > Regards > > Vinay >
