Fedora alert FEDORA-2025-48e8e5f8ed (apache-commons-beanutils)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 42 Update: apache-commons-beanutils-1.9.4-39.fc42 | |
| Date: | Sun, 22 Jun 2025 05:59:28 +0000 | |
| Message-ID: | <20250622055928.BA854203D114@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-48e8e5f8ed 2025-06-22 05:57:57.824474+00:00 -------------------------------------------------------------------------------- Name : apache-commons-beanutils Product : Fedora 42 Version : 1.9.4 Release : 39.fc42 URL : https://commons.apache.org/proper/commons-beanutils/ Summary : Java utility methods for accessing and modifying the properties of arbitrary JavaBeans Description : The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight. -------------------------------------------------------------------------------- Update Information: Fix improper access control vulnerability Resolves: CVE-2025-48734 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 13 2025 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.9.4-39 - Fix improper access control vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369090 - CVE-2025-48734 apache-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369090 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-48e8e5f8ed' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue