Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Remove dependency on apache commons validator
See original GitHub issueApache commons validator pulls in it’s own dependency tree:
commons-validator:commons-validator:1.5.0
commons-beanutils:commons-beanutils:1.9.2
commons-digester:commons-digester:1.8.1
commons-collections:commons-collections:3.2.2
Upon looking at the code I see that commons validator is only used for
import org.apache.commons.validator.routines.InetAddressValidator;
I think it may be worthwhile pulling this method in from commons validator and getting rid of this dependency tree as apache commons collections 3.x is no longer maintained since 4.1 is already out.
Issue Analytics
- State:
- Created 7 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Remove dependency on Apache Commons Validator
Remove dependency on Apache Commons Validator. Status: Assignee: ... Please upgrade Apache Commons Validator to a supported, secure version.
Read more >How can I remove the old vulnerable Apache commons ...
What you need to do is exclude commons-collections from the affected dependencies and include the desired version in your dependencies ...
Read more >Remove Duplicate Dependencies with Maven - Baeldung
Learn how to detect duplicate dependencies in Maven using the mvn dependency:tree and mvn dependency:analyze-duplicate commands.
Read more >org.springframework:spring-webmvc | Maven
In the dependencies. remove. commons-beanutils:commons-beanutils 1.7.0. GHSA-6phf-73q6-gh87Insecure Deserialization in Apache Commons Beanutils. remove.
Read more >commons-validator : 1.4.0 - Maven Central Repository Search
Commons Validator - Commons Validator provides the building blocks for both client side validation and server side data validation.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I have made the changes and will be checking-in tonight. There are some breaking changes where some existing classes visibility needs to be upgraded since we are keeping them in policy package. I am hitting a checkstyle issue for Apache Validator classes. Once done I’ll send a pull request tonight.
Closing this issue since pull request #449 is merged.