Hey All!

First-time contributor here. My company has a corporate goal to only use open source libraries with NO open security CVEs marked as critical.

BeanUtils has CVE-2014-0114 marked as critical, so I opened a ticket: https://issues.apache.org/jira/browse/BEANUTILS-520

I submitted my first Apache Commons PR, which addresses the issue, and I was hoping I could get it code reviewed and hopefully merged. I followed all guidelines and included a specific unit test to prove the issue and the fix.

Pull Request: https://github.com/apache/commons-beanutils/pull/7

I really feel like this is an important fix to have security on by default and still allow the ability to opt out and make it backwards compatible. I hope the Apache community feels the same way!

Thanks,
Melloware