From 384e60449d52110dd947e6b0bc7b3f77085d0dca Mon Sep 17 00:00:00 2001
From: Sebastian Peters <s.peters@data-team.de>
Date: Mon, 16 Dec 2019 13:13:25 +0100
Subject: [PATCH 1/2] Update commons-collections to 3.2.2

and fix CVE-2015-6420, CVE-2017-15708
---
 mailreader/pom.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mailreader/pom.xml b/mailreader/pom.xml
index 7b52560e..4a8c9a29 100644
--- a/mailreader/pom.xml
+++ b/mailreader/pom.xml
@@ -46,7 +46,12 @@
             <artifactId>struts-mailreader-dao</artifactId>
             <version>1.3.5</version>
         </dependency>
-
+        <!-- override transitive version from struts-mailreader-dao -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
+        </dependency>
     </dependencies>
 
     <build>

From f60c11f34c47db54bb8afc2342bb8ae02476ba54 Mon Sep 17 00:00:00 2001
From: Sebastian Peters <s.peters@data-team.de>
Date: Mon, 16 Dec 2019 13:16:35 +0100
Subject: [PATCH 2/2] Update commons-beanutils to 1.9.4

and fix CVE-2014-0114, CVE-2019-10086
---
 mailreader/pom.xml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mailreader/pom.xml b/mailreader/pom.xml
index 4a8c9a29..d69a9367 100644
--- a/mailreader/pom.xml
+++ b/mailreader/pom.xml
@@ -46,12 +46,18 @@
             <artifactId>struts-mailreader-dao</artifactId>
             <version>1.3.5</version>
         </dependency>
-        <!-- override transitive version from struts-mailreader-dao -->
+        <!-- begin: override transitive version from struts-mailreader-dao -->
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
+        </dependency>
         <dependency>
             <groupId>commons-collections</groupId>
             <artifactId>commons-collections</artifactId>
             <version>3.2.2</version>
         </dependency>
+        <!-- end: override transitive version from struts-mailreader-dao -->
     </dependencies>
 
     <build>