Jar file version 1.0.1 contains not used package 'org.apache.commons.collections.*'

Question

Opened this issue 5 years ago · 1 comments

Version 1.0.1 jar file contains package 'org.apache.commons.collections.*', which was not used anymore. Please remove it in future release.

Answer 1 · 2019-11-11T11:23:34.000Z

What's more, commons-beanutils can be update to 1.9.4.
FYI, https://www.cvedetails.com/cve/CVE-2019-10086/