This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects .