[El-errata] ELSA-2025-10814 Important: Oracle Linux 7 apache-commons-beanutils security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jul 31 18:47:05 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-10814

http://linux.oracle.com/errata/ELSA-2025-10814.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
apache-commons-beanutils-1.8.3-15.0.1.el7_9.noarch.rpm
apache-commons-beanutils-javadoc-1.8.3-15.0.1.el7_9.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/apache-commons-beanutils-1.8.3-15.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-48734




Description of changes:

[1.8.3-15.0.1]
- Add SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS
  [Orabug: 38176946][CVE-2025-48734]

[1.8.3-15]
- Fix CVE-2014-0114
- Fix CVE-2019-10086

[1.8.3-14]
- Mass rebuild 2013-12-27

[1.8.3-13]
- Add BuildRequires on apache-commons-parent >= 26-7
- Remove BuildRequires on commons-collections-testframework

[1.8.3-12]
- Remove workaround for rpm bug #646523

[1.8.3-11]
- Rebuild to regenerate API documentation
- Resolves: CVE-2013-1571

[1.8.3-10]
- Build with xmvn
- Don't generate extra JARs
- Simplify build dependencies
- Update to current packaging guidelines

[1.8.3-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[1.8.3-8]
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local

[1.8.3-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.8.3-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[1.8.3-5]
- Packaging fixes
- Remove unneeded depmap
- Remove versioned jars and javadocs
- Use maven 3 to build

[1.8.3-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.8.3-3]
- Add license to javadoc subpackage

[1.8.3-2]
- Added provides to javadoc subpackage

[1.8.3-1]
- Re-did whole spec file, dropped gcj support
- Rename package (jakarta-commons-beanutils->apache-commons-beanutils)

[0:1.7.0-12.3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0:1.7.0-11.3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[0:1.7.0-10.3]
- Fedora-specific: enable GCJ support

[0:1.7.0-10.2]
- Fedora-specific: BuildRequires: java-1.6.0-devel

[0:1.7.0-10.1]
- Fedora-specific: remove repolib
- Fedora-specific: enable JDK6 support

[0:1.7.0-10]
- add flag to build with maven

[0:1.7.0-9]
- add jdk6 patch
- fix repolib

[0:1.7.0-8.jpp5]
- fix duplicate files
- correctly unpack sources
- remove spurious gnu-crypto requirement
- remove spurious javadoc package requirements
- fix javadoc directory
- fix build-classpath call
- use macros

[0:1.7.0-7]
- First JPP5 build

[0:1.7.0-6jpp]
- Make Vendor, Distribution based on macro
- Fix aot build
- Add poms and depmap frags
- Build with maven1 by default
- Add manual subpackage when built with maven

[0:1.7.0-2jpp.ep1.2]
- Fix repolib location

[0:1.7.0-2jpp.ep1.1]
- New repolib location

[0:1.7.0-2jpp.el4ep1.3]
- Remove pre section used for RHUG cleanup

[0:1.7.0-2jpp.el4ep1.2]
- Add -brew suffix

[0:1.7.0-2jpp.el4ep1.1]
- Add repolib support

[0:1.7.0-5jpp]
- Require what is used in post/postun for javadoc

[0:1.7.0-4jpp]
- Add AOT bits

[0:1.7.0-3jpp]
- Add header
- Remove unecessary macro definitions

[0:1.7.0-2jpp_1rh]
- Merge with upstream

[0:1.7.0-1jpp_3rh]
- Fix build so that collections jar is created

[0:1.7.0-2jpp]
- Use the "dist" target to get a full build, including bean-collections

[0:1.7.0-1jpp_1rh]
- Import from upstream

[0:1.7.0-1jpp]
- Upgrade to 1.7.0

[0:1.6.1-4jpp_6rh]
- add coreutils BuildRequires

[0:1.6.1-5jpp]
- Rebuild with ant-1.6.2

[0:1.6.1-4jpp_5rh]
- Added trigger to restore symlinks that are removed if ugrading
  from a commons-beanutils rhug package

[0:1.6.1-4jpp_4rh]
- more of the same, for version-suffixed .jar files

[0:1.6.1-4jpp_3rh]
- add RHUG upgrade cleanup

[0:1.6.1-4jpp_2rh]
- RH vacuuming part II

[0:1.6.1-4jpp_1rh]
- RH vacuuming

[0:1.6.1-4jpp]
- update for JPackage 1.5

[1.6.1-2jpp]
- fix ASF license and add packager name

[1.6.1-1jpp]
- 1.6.1

[1.6-1jpp]
- 1.6

[1.5-1jpp]
- 1.5

[1.4.1-1jpp]
- 1.4.1

[1.4-1jpp]
- 1.4

[1.3-3jpp]
- change to commons-xxx.jar instead of commons-xxx.home in ant parameters

[1.3-2jpp]
- use sed instead of bash 2.x extension in link area to make spec compatible
  with distro using bash 1.1x

[1.3-1jpp]
- 1.3
- added short names in %{_javadir}, as does jakarta developpers
- first jPackage release

More information about the El-errata mailing list