Is JasperReportsIntegration really vulnarable to CVE-2025-48734 (8.8)

Accoording to [NVD - CVE-2025-48734](https://nvd.nist.gov/vuln/detail/CVE-2025-48734) the commons-beanutils-1.9.4 should be upgraded to commons-beanutils-1.11.0. Although commons-beanutils-1.9.4 already enables the protection by default the [National Vulnerability Database](https://nvd.nist.gov/) is advicing us to update to version 1.11.0.

Is this this really necessary?

Environment:
JasperReportsIntegration (2.11.0) on Tomcat 9
Oracle linux 8
Java 11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is JasperReportsIntegration really vulnarable to CVE-2025-48734 (8.8) #157

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Is JasperReportsIntegration really vulnarable to CVE-2025-48734 (8.8) #157

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions