Re: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)

To: <700610@bugs.debian.org>
Cc: <debian-java@lists.debian.org>
Subject: Re: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
From: Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de>
Date: Tue, 22 Feb 2022 23:32:49 +0100
Message-id: <[🔎] e38348c7-2927-6b43-e31e-7b95228c95ad@tu-dresden.de>
In-reply-to: <CAMBJEmXuB7RtSK3JYR0jG1bD-VPRCTfq2nGnKW4PyKPn70aHdw@mail.gmail.com>
References: <CAMBJEmU3hFuN4k7wrnhAgLtQxnCDH0joQO0A_9m=KXeJzA5xkQ@mail.gmail.com> <56C71965.6000101@apache.org> <CAMBJEmXuB7RtSK3JYR0jG1bD-VPRCTfq2nGnKW4PyKPn70aHdw@mail.gmail.com>

Dear maintainers,

there was published a new release of BeanShell 14 months ago. You can findthe sources of version 2.1.0 on GitHub at


https://github.com/beanshell/beanshell/releases/tag/2.1.0

The new version has not been published on Maven though (where versionsfrom 2.0b4 to 2.0b6 are still the newest releases), but this is explainedon GitHub at https://github.com/beanshell/beanshell/issues/603 .Anyway, version 2.1.0 is an official release linked fromhttps://www.beanshell.org/download.html and there is also stated thatversion 2.0b4 is now merely a legacy release.


What do you think, wouldn't it be time for an update in Debian?

Best regards,

Thomas Uhle

Reply to:

Follow-Ups:
- Re: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
  - From: Thorsten Glaser <t.glaser@tarent.de>

Prev by Date: Tomcat10
Next by Date: Re: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Previous by thread: Tomcat10
Next by thread: Re: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Index(es):
- Date
- Thread