HeroDevs
Visit NES for Apache Struts Home Page

Apache Commons BeanUtils Release Notes

5 versions

Release notes for Apache Commons BeanUtils

Sep 12, 2025
Latest: 1.7.5
3 Patched CVEs

September 2025

1.7.5

Released on Sep 12, 2025
Full Version: 
1.7.0-commons-beanutils-1.7.5

Notes

  • Added sources jar to the published artifacts.

July 2025

1.7.4

Released on Jul 17, 2025
CVE-2025-48734
Full Version: 
1.7.0-commons-beanutils-1.7.4

Dependency Upgrades

  • commons-logging:commons-logging 1.0.3 to 1.3.5

Bug Fixes

This release patches the following:

June 2025

1.7.3

Released on Jun 6, 2025
Full Version: 
1.7.0-commons-beanutils-1.7.3

Dependency Upgrades

  • commons-collections:commons-collections 3.0 to 3.2.2

March 2025

1.7.2

Released on Mar 14, 2025
Full Version: 
1.7.0-commons-beanutils-1.7.2

Bug Fixes

  • Remove PropertyDescriptor with name class from PropertyUtils.getPropertyDescriptors results since access to class method is blocked.
  • PropertyUtils.getPropertyDescriptor blocks access to PropertyDescriptor with name class.

February 2025

1.7.1

Released on Feb 14, 2025
CVE-2014-0114
CVE-2019-10086
Full Version: 
1.7.0-commons-beanutils-1.7.1

Notes

  • This release originates from the open‑source BeanUtils project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
  • This package is a dependency for Apache Struts 1. Upgrading to 1.9.4 is recommended but for projects that can't upgrade, this release is available.

Bug Fixes

This release patches the following:

  • CVE-2014-0114: Class Loader manipulation.
  • CVE-2019-10086: Sets the default behavior to block access to the classloader via the class property available on all Java objects.
  • groupId: commons-beanutils
  • artifactId: commons-beanutils

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.