Updated apache-commons-beanutils packages has been released for Fedora 31 to address CVE-2019-10086.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-bcad44b5d6
2019-11-13 10:05:36.732968
--------------------------------------------------------------------------------
Name : apache-commons-beanutils
Product : Fedora 31
Version : 1.9.4
Release : 1.fc31
URL : http://commons.apache.org/beanutils
Summary : Java utility methods for accessing and modifying the properties of arbitrary JavaBeans
Description :
The scope of this package is to create a package of Java utility methods
for accessing and modifying the properties of arbitrary JavaBeans. No
dependencies outside of the JDK are required, so the use of this package
is very lightweight.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.9.4. Resolves CVE-2019-10086.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 4 2019 Fabio Valentini - 1.9.4-1
- Update to version 1.9.4.
- Re-enable test suite.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1767498 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1767498
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-bcad44b5d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys