[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2025:02056-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":55,"epss":9,"epss_history":56,"metrics":57,"affected":58},"SUSE-SU-2025:02056-1","Security update for apache-commons-beanutils\n\nThis update for apache-commons-beanutils fixes the following issues:\n\nUpdate to 1.11.0:\n\n  * Fixed Bugs:\n\n    + BeanComparator.compare(T, T) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      all cases of ReflectiveOperationException.\n    + MappedMethodReference.get() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of\n      NoSuchMethodException.\n    + ResultSetIterator.get(String) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n    + ResultSetIterator.hasNext() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of SQLException.\n    + ResultSetIterator.next() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of SQLException.\n    + ResultSetIterator.set(String, Object) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n    + ResultSetIterator.set(String, String, Object) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n\n  * Changes:\n\n    + Add org.apache.commons.beanutils\n      .SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS.\n      Fixes bsc#1243793, CVE-2025-48734\n    + Bump org.apache.commons:commons-parent from 81 to 84.\n    + Bump commons-logging:commons-logging from 1.3.4 to 1.3.5.\n\nUpdate to 1.10.1:\n\n  * Fixed Bugs:\n\n    + BEANUTILS-541:  FluentPropertyBeanIntrospector concurrency\n      issue (backport to 1.X) #325.\n    + Javadoc is missing its Overview page.\n    + Remove -nouses directive from maven-bundle-plugin. OSGi\n      package imports now state 'uses' definitions for package\n      imports, this doesn't affect JPMS (from\n      org.apache.commons:commons-parent:80).\n    + Deprecate BeanUtils.BeanUtils().\n    + Deprecate ConstructorUtils.ConstructorUtils().\n    + Deprecate LocaleBeanUtils.LocaleBeanUtils().\n    + Deprecate LocaleConvertUtils.LocaleConvertUtils().\n    + Deprecate ConvertUtils.ConvertUtils().\n    + Deprecate MethodUtils.MethodUtils().\n    + Deprecate PropertyUtils.PropertyUtils().\n\n  * Changes:\n\n    + Bump org.apache.commons:commons-parent from 78 to 81.\n\nIncludes changes from 1.10.0:\n\n  * Fixed Bugs:\n\n    + BEANUTILS-541:  FluentPropertyBeanIntrospector caches\n      corrupted writeMethod (1.x backport) #69.\n    + Replace internal use of Locale.ENGLISH with Locale.ROOT.\n    + Replace Maven CLIRR plugin with JApiCmp.\n    + Port to Java 1.4 Throwable APIs (!).\n    + Fix Javadoc generation on Java 8, 17, and 21.\n    + AbstractArrayConverter.parseElements(String) now returns a\n      List\u003CString> instead of a raw List.\n\n  * Changes:\n\n    + Bump org.apache.commons:commons-parent from 47 to 78.\n    + Bump Java requirement from Java 6 to 8.\n    + Bump junit:junit from 4.12 to 4.13.2.\n    + Bump JUnit from 4.x to 5.x 'vintage'.\n    + Bump commons-logging:commons-logging from 1.2 to 1.3.4.\n    + Deprecate BeanUtilsBean.initCause(Throwable, Throwable) for\n      removal, use Throwable.initCause(Throwable).\n    + Deprecate BeanUtils.initCause(Throwable, Throwable) for\n      removal, use Throwable.initCause(Throwable).\n\nUpdate to 1.9.4:\n\n  * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114\n\nUpdated to 1.9.3:\n\n  * This is a bug fix release, which also improves the tests for\n    building on Java 8.\n  * Note that Java 8 and later no longer support indexed bean\n    properties on java.util.List, only on arrays like String[].\t\n    (BEANUTILS-492). This affects PropertyUtils.getPropertyType()\n    and PropertyUtils.getPropertyDescriptor(); their javadoc have\n    therefore been updated to reflect this change in the JDK.\n\n  * Changes in this version include:\n\n    - Fixed Bugs:\n\n      * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector\n      * BEANUTILS-492: Fixed exception when setting indexed properties\n          on DynaBeans.\n      * BEANUTILS-470: Precision lost when converting BigDecimal.\n      * BEANUTILS-465: Indexed List Setters fixed.\n\n    - Changes:\n\n      * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.\n      * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.\n      * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the\n      \tsame naming algorithm as DefaultBeanIntrospector.\n      * BEANUTILS-490: Update Java requirement from Java 5 to 6.\n      * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2\n        (CVE-2015-4852).\n      * BEANUTILS-490: Update java requirement to Java 6.\n      * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.\n      * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.\n      * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.\n    - Historical list of changes:\n      http://commons.apache.org/proper/commons-beanutils/changes-report.html\n\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2014-0114",{"_key":17},"CVE-2015-4852",{"_key":19},"CVE-2025-48734",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2025-06-20T16:17:22Z","2026-02-04T02:16:19.881198Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,47,51],{"url":32,"sources":33,"tags":35},"https://www.suse.com/support/update/announcement/2025/suse-su-202502056-1/",[34],"osv_suse",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugzilla.suse.com/1243793",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://www.suse.com/security/cve/CVE-2014-0114",[34],[46],"WEB",{"url":48,"sources":49,"tags":50},"https://www.suse.com/security/cve/CVE-2015-4852",[34],[46],{"url":52,"sources":53,"tags":54},"https://www.suse.com/security/cve/CVE-2025-48734",[34],[46],[],[],[],[59,72],{"ecosystem":60,"name":61,"vendor":62,"product":63,"cpe_part":9,"purl_type":64,"purl_namespace":62,"purl_name":63,"source":9,"versions":65},"SUSE Linux Enterprise","apache-commons-beanutils","suse","apache-commons-beanutils&distro=SUSE Linux Enterprise Server 12 SP5-LTSS","rpm",[66],{"version":67,"is_range":68,"range_type":69,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":71,"fixed_in":9},"lt1_11_0_7_3_1",true,"ecosystem","1.11.0-7.3.1","excluding",{"ecosystem":60,"name":61,"vendor":62,"product":73,"cpe_part":9,"purl_type":64,"purl_namespace":62,"purl_name":73,"source":9,"versions":74},"apache-commons-beanutils&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",[75],{"version":67,"is_range":68,"range_type":69,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":71,"fixed_in":9}]