{"affected":[{"ecosystem_specific":{"binaries":[{"apache-commons-beanutils":"1.11.0-7.3.1","apache-commons-beanutils-javadoc":"1.11.0-7.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"apache-commons-beanutils","purl":"pkg:rpm/suse/apache-commons-beanutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.0-7.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache-commons-beanutils":"1.11.0-7.3.1","apache-commons-beanutils-javadoc":"1.11.0-7.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"apache-commons-beanutils","purl":"pkg:rpm/suse/apache-commons-beanutils&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.0-7.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for apache-commons-beanutils fixes the following issues:\n\nUpdate to 1.11.0:\n\n  * Fixed Bugs:\n\n    + BeanComparator.compare(T, T) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      all cases of ReflectiveOperationException.\n    + MappedMethodReference.get() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of\n      NoSuchMethodException.\n    + ResultSetIterator.get(String) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n    + ResultSetIterator.hasNext() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of SQLException.\n    + ResultSetIterator.next() now throws IllegalStateException\n      instead of RuntimeException to wrap cases of SQLException.\n    + ResultSetIterator.set(String, Object) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n    + ResultSetIterator.set(String, String, Object) now throws\n      IllegalArgumentException instead of RuntimeException to wrap\n      cases of SQLException.\n\n  * Changes:\n\n    + Add org.apache.commons.beanutils\n      .SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS.\n      Fixes bsc#1243793, CVE-2025-48734\n    + Bump org.apache.commons:commons-parent from 81 to 84.\n    + Bump commons-logging:commons-logging from 1.3.4 to 1.3.5.\n\nUpdate to 1.10.1:\n\n  * Fixed Bugs:\n\n    + BEANUTILS-541:  FluentPropertyBeanIntrospector concurrency\n      issue (backport to 1.X) #325.\n    + Javadoc is missing its Overview page.\n    + Remove -nouses directive from maven-bundle-plugin. OSGi\n      package imports now state 'uses' definitions for package\n      imports, this doesn't affect JPMS (from\n      org.apache.commons:commons-parent:80).\n    + Deprecate BeanUtils.BeanUtils().\n    + Deprecate ConstructorUtils.ConstructorUtils().\n    + Deprecate LocaleBeanUtils.LocaleBeanUtils().\n    + Deprecate LocaleConvertUtils.LocaleConvertUtils().\n    + Deprecate ConvertUtils.ConvertUtils().\n    + Deprecate MethodUtils.MethodUtils().\n    + Deprecate PropertyUtils.PropertyUtils().\n\n  * Changes:\n\n    + Bump org.apache.commons:commons-parent from 78 to 81.\n\nIncludes changes from 1.10.0:\n\n  * Fixed Bugs:\n\n    + BEANUTILS-541:  FluentPropertyBeanIntrospector caches\n      corrupted writeMethod (1.x backport) #69.\n    + Replace internal use of Locale.ENGLISH with Locale.ROOT.\n    + Replace Maven CLIRR plugin with JApiCmp.\n    + Port to Java 1.4 Throwable APIs (!).\n    + Fix Javadoc generation on Java 8, 17, and 21.\n    + AbstractArrayConverter.parseElements(String) now returns a\n      List<String> instead of a raw List.\n\n  * Changes:\n\n    + Bump org.apache.commons:commons-parent from 47 to 78.\n    + Bump Java requirement from Java 6 to 8.\n    + Bump junit:junit from 4.12 to 4.13.2.\n    + Bump JUnit from 4.x to 5.x 'vintage'.\n    + Bump commons-logging:commons-logging from 1.2 to 1.3.4.\n    + Deprecate BeanUtilsBean.initCause(Throwable, Throwable) for\n      removal, use Throwable.initCause(Throwable).\n    + Deprecate BeanUtils.initCause(Throwable, Throwable) for\n      removal, use Throwable.initCause(Throwable).\n\nUpdate to 1.9.4:\n\n  * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114\n\nUpdated to 1.9.3:\n\n  * This is a bug fix release, which also improves the tests for\n    building on Java 8.\n  * Note that Java 8 and later no longer support indexed bean\n    properties on java.util.List, only on arrays like String[].\t\n    (BEANUTILS-492). This affects PropertyUtils.getPropertyType()\n    and PropertyUtils.getPropertyDescriptor(); their javadoc have\n    therefore been updated to reflect this change in the JDK.\n\n  * Changes in this version include:\n\n    - Fixed Bugs:\n\n      * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector\n      * BEANUTILS-492: Fixed exception when setting indexed properties\n          on DynaBeans.\n      * BEANUTILS-470: Precision lost when converting BigDecimal.\n      * BEANUTILS-465: Indexed List Setters fixed.\n\n    - Changes:\n\n      * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.\n      * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.\n      * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the\n      \tsame naming algorithm as DefaultBeanIntrospector.\n      * BEANUTILS-490: Update Java requirement from Java 5 to 6.\n      * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2\n        (CVE-2015-4852).\n      * BEANUTILS-490: Update java requirement to Java 6.\n      * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.\n      * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.\n      * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.\n    - Historical list of changes:\n      http://commons.apache.org/proper/commons-beanutils/changes-report.html\n\n","id":"SUSE-SU-2025:02056-1","modified":"2025-06-20T16:17:22Z","published":"2025-06-20T16:17:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502056-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0114"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-48734"}],"related":["CVE-2014-0114","CVE-2015-4852","CVE-2025-48734"],"summary":"Security update for apache-commons-beanutils","upstream":["CVE-2014-0114","CVE-2015-4852","CVE-2025-48734"]}