Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Thomas Uhle
thomas.uhle at mailbox.tu-dresden.de
Tue Feb 22 22:32:49 GMT 2022
Dear maintainers,
there was published a new release of BeanShell 14 months ago. You can find
the sources of version 2.1.0 on GitHub at
https://github.com/beanshell/beanshell/releases/tag/2.1.0
The new version has not been published on Maven though (where versions
from 2.0b4 to 2.0b6 are still the newest releases), but this is explained
on GitHub at https://github.com/beanshell/beanshell/issues/603 .
Anyway, version 2.1.0 is an official release linked from
https://www.beanshell.org/download.html and there is also stated that
version 2.0b4 is now merely a legacy release.
What do you think, wouldn't it be time for an update in Debian?
Best regards,
Thomas Uhle
More information about the pkg-java-maintainers
mailing list