<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<properties>
<title>Commons</title>
<author email="dev@commons.apache.org">Commons Documentation Team</author>
</properties>
<body>
<section name="Commons BeanUtils">
<p>
Most Java developers are used to creating Java classes that conform to the
JavaBeans naming patterns for property getters and setters. It is natural to
then access these methods directly, using calls to the corresponding
<code>getXxx</code> and <code>setXxx</code> methods. However, there are some
occasions where dynamic access to Java object properties (without compiled-in
knowledge of the property getter and setter methods to be called) is needed.
Example use cases include:</p>
<ul>
<li>Building scripting languages that interact with the Java object model
(such as the Bean Scripting Framework).</li>
<li>Building template language processors for web presentation and similar
uses (such as JSP or Velocity).</li>
<li>Building custom tag libraries for JSP and XSP environments (such as Jakarta
Taglibs, Struts, Cocoon).</li>
<li>Consuming XML-based configuration resources (such as Ant build scripts, web
application deployment descriptors, Tomcat's <code>server.xml</code>
file).</li>
</ul>
<p>
The Java language provides <em>Reflection</em> and <em>Introspection</em>
APIs (see the <code>java.lang.reflect</code> and <code>java.beans</code>
packages in the JDK Javadocs). However, these APIs can be quite complex to
understand and utilize. The <em>BeanUtils</em> component provides
easy-to-use wrappers around these capabilities.
</p>
<subsection name='BeanUtils Core And Modules'>
<p>
The 1.7.x and 1.8.x releases of BeanUtils distributed three jars:
<ul>
<li><code>commons-beanutils.jar</code> - contains everything</li>
<li><code>commons-beanutils-core.jar</code> - excludes <i>Bean Collections</i> classes</li>
<li><code>commons-beanutils-bean-collections.jar</code> - only <i>Bean Collections</i> classes</li>
</ul>
The main <code>commons-beanutils.jar</code> has an <b><i>optional</i></b> dependency on
<a href='https://commons.apache.org/collections'>Commons Collections</a>.
</p>
<p>
Version 1.9.0 reverts this split for reasons outlined at
<a href="https://issues.apache.org/jira/browse/BEANUTILS-379">BEANUTILS-379</a>.
There is now only one jar for the BeanUtils library.
</p>
<p>
Version 2.0.0 updates the dependency on Apache Commons Collections from version 3 to version 4.
Apache Commons Collections 4 changes its packages from <code>org.apache.commons.collections</code>
to <code>org.apache.commons.collections4</code>.
Since some Commons BeanUtils APIs expose Commons Collections types, Commons BeanUtils 2 likewise changes its packages from <code>org.apache.commons.beanutils</code>
to <code>org.apache.commons.beanutils2</code>.
</p>
</subsection>
<subsection name='Bean Collections'>
<p>
Bean collections is a library combining BeanUtils with
<a href='https://commons.apache.org/collections'>Commons Collections</a>
to provide services for collections of beans. One class (<code>BeanComparator</code>)
was previously released, the rest are new. This new distribution strategy should allow
this sub-component to evolve naturally without the concerns about size and scope
that might otherwise happen.
</p>
<p>
Bean Collections has an additional dependency on
<a href='https://commons.apache.org/collections'>Commons Collections</a>.
</p>
</subsection>
</section>
<section name="Releases">
<subsection name="2.0.x releases">
<p>
BeanUtils <strong>2.0.x</strong> releases are not binary compatible (but easy to port) with version 1.x.x and require a minimum of
JDK 1.7.
</p>
<p>
The latest BeanUtils release is available to download
<a href="https://commons.apache.org/beanutils/download_beanutils.cgi">here</a>.
</p>
<ul>
<li>2.0.0
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v2.0.0/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v2.0.0/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
</ul>
</subsection>
<subsection name="1.9.x releases">
<p>
The latest BeanUtils release is available to download
<a href="http://commons.apache.org/beanutils/download_beanutils.cgi">here</a>.<br/>
<em><strong>1.9.4</strong></em><br/><br/>
<ul>
<li><a href="http://commons.apache.org/beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="http://commons.apache.org/beanutils/javadocs/v1.9.4/apidocs/index.html">JavaDoc</a></li>
</ul>
<strong>CVE-2019-10086.</strong> Apache Commons BeanUtils does not suppress
the class property in bean introspection by default.<br/><br/>
<strong>Severity.</strong> Medium<br/><br/>
<strong>Vendor.</strong> The Apache Software Foundation<br/><br/>
<strong>Versions Affected.</strong> commons-beanutils-1.9.3 and all earlier versions.<br/><br/>
<strong>Description.</strong> In version 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for
an attacker to access the classloader via the class property available on all Java objects. That introspector was, however,
not enabled by default in PropertyUtilsBean.<br/><br/>
<strong>Mitigation.</strong> Upgrade to commons-beanutils-1.9.4.<br/><br/>
<strong>Credit.</strong> This was discovered by Melloware (https://melloware.com/).<br/><br/>
<strong>Example.</strong>
<source>/**
 * Example usage after 1.9.4: the "class" property is suppressed by default,
 * so reading it fails with NoSuchMethodException.
 */
public void testSuppressClassPropertyByDefault() throws Exception {
    final BeanUtilsBean bub = new BeanUtilsBean();
    final AlphaBean bean = new AlphaBean();
    try {
        bub.getProperty(bean, "class");
        fail("Could access class property!");
    } catch (final NoSuchMethodException ex) {
        // ok: the property is invisible to introspection
    }
}

/**
 * Example usage to restore 1.9.3 behaviour: remove the default
 * SUPPRESS_CLASS introspector so "class" becomes readable again.
 */
public void testAllowAccessToClassProperty() throws Exception {
    final BeanUtilsBean bub = new BeanUtilsBean();
    bub.getPropertyUtils().removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
    final AlphaBean bean = new AlphaBean();
    String result = bub.getProperty(bean, "class");
    assertEquals("Class property should have been accessed", "class org.apache.commons.beanutils2.AlphaBean", result);
}</source>
</p>
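<p>
The following is an added example, not code from the BeanUtils project, showing how an application can
enforce the CVE-2019-10086 mitigation explicitly rather than relying on the library default. It registers
<code>SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS</code> on its own <code>BeanUtilsBean</code> (which is
what 1.9.4 does in the <code>PropertyUtilsBean</code> constructor, and what a 1.9.2 or 1.9.3 deployment that cannot
upgrade immediately must do by hand), optionally adds an application-specific deny list of further property names, and
provides a start-up self-check that reading <code>class</code> really does fail. The <code>Widget</code> bean and the
<code>HardenedBeanUtils</code> class name are assumptions for the example; the BeanUtils API calls are those of the 1.9.x
<code>org.apache.commons.beanutils</code> package.
</p>

```java
import java.util.Arrays;

import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

/**
 * Added example (not part of the BeanUtils project): build a BeanUtilsBean
 * whose introspection refuses the "class" property regardless of library
 * version, and verify that the suppression is active before the instance
 * is used on untrusted input.
 */
public final class HardenedBeanUtils {

    /** Assumed application bean; any JavaBean with a getter works. */
    public static final class Widget {
        private String name = "default";
        public String getName() { return name; }
        public void setName(final String name) { this.name = name; }
    }

    /**
     * Returns a BeanUtilsBean that suppresses "class" plus any extra
     * application-specific property names. On 1.9.4 and later SUPPRESS_CLASS
     * is already registered by the PropertyUtilsBean constructor, so adding it
     * again is harmless; on 1.9.2 and 1.9.3 this call is what closes the hole.
     */
    public static BeanUtilsBean hardened(final String... extraDenied) {
        final BeanUtilsBean bub = new BeanUtilsBean();
        final PropertyUtilsBean pub = bub.getPropertyUtils();
        pub.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        if (extraDenied.length > 0) {
            // Same mechanism, application-chosen names (assumed deny list).
            pub.addBeanIntrospector(
                new SuppressPropertiesBeanIntrospector(Arrays.asList(extraDenied)));
        }
        return bub;
    }

    /**
     * Self-check for start-up or a unit test: true only if reading "class"
     * fails with NoSuchMethodException, i.e. the property is invisible.
     */
    public static boolean classPropertyIsSuppressed(final BeanUtilsBean bub) throws Exception {
        try {
            bub.getProperty(new Widget(), "class");
            return false;   // still reachable: this instance is not hardened
        } catch (final NoSuchMethodException expected) {
            return true;
        }
    }

    public static void main(final String[] args) throws Exception {
        final BeanUtilsBean bub = hardened();
        System.out.println("class suppressed: " + classPropertyIsSuppressed(bub));

        // Ordinary properties keep working through the same hardened instance.
        final Widget w = new Widget();
        bub.setProperty(w, "name", "gadget");
        System.out.println("name = " + bub.getProperty(w, "name"));
    }
}
```

<p>
One caveat worth checking in your own code base: the static helpers in <code>BeanUtils</code> and
<code>PropertyUtils</code> delegate to the per-context singleton returned by <code>BeanUtilsBean.getInstance()</code>,
not to an instance you construct yourself. Hardening a fresh <code>BeanUtilsBean</code> therefore does nothing for
code that calls the static methods; either route all dynamic property access through the hardened instance, or apply the
same <code>addBeanIntrospector</code> call to <code>BeanUtilsBean.getInstance().getPropertyUtils()</code> (or install the
hardened instance with <code>BeanUtilsBean.setInstance</code>) during application start-up, and run the self-check against
whichever instance production code actually uses.
</p>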
<p>
BeanUtils <strong>1.9.x</strong> releases are binary compatible (with a minor exception
described in the release notes) with version 1.8.3 and require a minimum of
JDK 1.5.
</p>
<p>
The latest BeanUtils release is available to download
<a href="https://commons.apache.org/beanutils/download_beanutils.cgi">here</a>.
</p>
<ul>
<li>1.9.3
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.3/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.3/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.9.2
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.2/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.9.1
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.1/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.9.0
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.9.0/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
</ul>
</subsection>
<subsection name="1.8.x releases">
<p>
BeanUtils <strong>1.8.x</strong> releases are binary compatible with version 1.7.0 and
require a minimum of JDK 1.3.
</p>
<ul>
<li>1.8.3
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.3/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.3/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.8.2
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.2/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.2/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.8.1
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.1/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.1/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
<li>1.8.0
<ul>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.0/RELEASE-NOTES.txt">Release Notes</a></li>
<li><a href="https://commons.apache.org/beanutils/javadocs/v1.8.0/apidocs/index.html">Javadoc</a></li>
</ul>
</li>
</ul>
</subsection>
<subsection name="1.7.0">
<p>
<strong>BeanUtils 1.7.0</strong> is a service release which removes the dependency
upon a specific commons-collection library version. It may be safely used together
with either the 2.x or 3.x series of commons-collections releases.
It also introduces a number of important enhancements. It is backward compatible
with the 1.6 release.
</p>
<p>
This important service release is intended to help downstream applications solve
dependency issues. The dependency on commons collections (which has become problematic
now that there are two incompatible series of commons collections releases)
has been factored into a separate optional sub-component plus a small number of
stable and mature <code>org.apache.commons.collections</code> packaged classes
(which are distributed with the BeanUtils core). This arrangement means that the
BeanUtils core sub-component (which is the primary dependency for most downstream
applications) can now be safely included on the same classpath as commons collections
2.x, 3.x or indeed neither.
</p>
<p>
The distribution now contains alternative jar sets. The all-in-one
jar contains all classes. The modular jar set consists of a core jar dependent only
on commons logging and an optional bean collections jar (containing classes that
provide easy and efficient ways to manage collections of beans) which depends on
commons collections 3.
</p>
</subsection>
<subsection name='Older Releases (Not Mirrored)'>
<p>
<ul>
<li>Version 1.6.1 - 18 Feb 2003
<a href="https://archive.apache.org/dist/commons/beanutils/binaries/">binary</a> and
<a href="https://archive.apache.org/dist/commons/beanutils/source/">source</a></li>
<li>Version 1.6 - 21 Jan 2003
<a href="https://archive.apache.org/dist/commons/beanutils/binaries/">binary</a> and
<a href="https://archive.apache.org/dist/commons/beanutils/source/">source</a></li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.5/">Version 1.5 </a> - 23 Oct 2002</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.4.1/">Version 1.4.1</a> - 28 Aug 2002</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.4/">Version 1.4</a> - 13 Aug 2002</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.3/">Version 1.3</a> - 29 Apr 2002</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.2/">Version 1.2</a> - 24 Dec 2001</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.1/">Version 1.1</a> - 22 Sep 2001</li>
<li><a href="https://archive.apache.org/dist/commons/beanutils/old/v1.0/">Version 1.0</a> - 14 July 2001</li>
</ul>
</p>
</subsection>
</section>
<section name="Support">
<p>
The <a href="mail-lists.html">commons mailing lists</a> act as the main support forum.
The user list is suitable for most library usage queries.
The dev list is intended for the development discussion.
Please remember that the lists are shared between all commons components,
so prefix your email by [beanutils].
</p>
<p>
Issues may be reported via <a href="issue-tracking.html">ASF JIRA</a>.
</p>
</section>
</body>
</document>