Apache BVal community members working in Apache Commons have recently
succeeded in pushing the 2.0 release of the Apache Commons Weaver component
upon which we depend.
Our immediate plans are to push the release of the Apache licensed bean
validation 2.0 specification artifact through the Apache Geronimo project and
then to release Apache BVal 2.0.
The security issue mentioned last quarter is incurred at the specification
level and has been deemed low priority by the bean validation community as a
whole, any vulnerability requiring deliberate and naive custom code on the
part of the application developer. The Apache BVal community continue to
ponder what actions we might take to reduce the likelihood of such naive