Releases: beanshell/beanshell
BeanShell 2.1.1
BeanShell 2.1.1
This release formalizes the merge of 2.0b6 with suitable backports from the development (HEAD) version of BeanShell (3). Also included are are some ALv2 contributions to the BeanShell2 fork that had not been folded into BeanShell but are still applicable to this version. For backwards compatibility purposes, the 2.x branch of BeanShell still supports a minimum Java version of 1.6.
This release fixes the problem with the old 2.1.0 release. No other work will be done on the 2.x branch.
License
BeanShell is licensed under the Apache License, version 2.0. See the file LICENSE for details, and the NOTICE file for required attributions.
Download
1a1b0cee99f428d1ca189880ae62fa72d46c967a bsh-2.1.1-javadoc.zip
10bc2679163a603cf351fedd3bba4ba47b8716cb bsh-2.1.1-sources.jar
0619865bfa592acb90ff7956c8d17319fe1d4292 bsh-2.1.1-src.zip
5c01a006b0aba21ef55c01f96ea062c1cb2bf707 bsh-2.1.1.jar
6bde9b61dbfaf6201ce268543070b226b918739d bsh-2.1.1.pom
96a8beac22a726905ae3d3b0c36e6de880cb05db bsh-bsf-2.1.1.jar
585e827a99536a88f56cfc4250fb8cab56b1cee6 bsh-classgen-2.1.1.jar
426000e9a2f369248b53633d99706107b44efa42 bsh-classpath-2.1.1.jar
6c4006de39d29b654980c4a6987f4bdf5455abb5 bsh-commands-2.1.1.jar
a70d01f818a37722ad2f0bccc9ec8b2178ab5cdb bsh-core-2.1.1.jar
3fb0017d222f0fb51c7fa9d1a359d9a56f4fe4e4 bsh-engine-2.1.1.jar
5aeb5e599aea436b83d7248724de7012f3695dff bsh-reflect-2.1.1.jar
620212ff506a8746df262d71012be0e9f12fec94 bsh-util-2.1.1.jar
BeanShell 2.0b6
BeanShell 2.0b6 is a security update that is functionally equivalent to the previous version 2.0b5.
No other functionality has changed since 2.0b5, but this is a recommended update for all BeanShell users, as it fixes a remote code execution vulnerability.
Security fix (CVE-2016-2510)
This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Muñoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix!
An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.
A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.
This update fixes the vulnerability in BeanShell, but it is worth noting that applications doing such deserialization might still be insecure through other libraries. It is recommended that application developers take further measures such as using a restricted class loader when deserializing. See notes on Java serialization security, XStream security and How to secure deserialization from untrusted input without using encryption or sealing.
A MITRE CVE number has been reserved: CVE-2016-2510
License
BeanShell is licensed under the Apache License, version 2.0. See the file LICENSE for details, and the NOTICE file for required attributions.
Download
SHA1 checksums for this release:
fb418f9b33a0b951e9a2978b4b6ee93b2707e72f bsh-2.0b6.jar
275c867ca3aabc509d0a58ddf0bbd184bdcd38c8 bsh-bsf-2.0b6.jar
4b06123a1ef1bd4902a0f98e726d031e464a624f bsh-classgen-2.0b6.jar
43f16d2f87254bf1c070f59be3bf87eeaf586f5b bsh-classpath-2.0b6.jar
89e20b12ef604103a4b8b7854ece29659ea34103 bsh-commands-2.0b6.jar
67504d1544d29e17fa3e81b08fe045296264f48f bsh-core-2.0b6.jar
aaae80a54fe32c7c5cb616b5d577890fb8d9cbe6 bsh-engine-2.0b6.jar
b7586bb3a7e2adfe1b6090625a886da8bd252369 bsh-reflect-2.0b6.jar
ede153857e4438b092c69db93c9c07cd4071cf1d bsh-util-2.0b6.jar
7336b2d1ace24214b557993a66ec99636eee2318 bsh-2.0b6-javadoc.zip
76497846de1f3d2ef438d79e31328107658d10be bsh-2.0b6-src.zip
ef6b86a126ae192d8639af6f5b3dbe5d4c6d7dde bsh-2.0b6.pom
sha512:
a39321a99a8a619a48b65752f6ee6b8f11d3b28ebb051082ec70a70a0d5041e83d144378df191929e3d6562bd5ee4c4f1ccadb0ba42055529d18800a41d8ae18 bsh-2.0b6.jar
fbbff46b0248fa668e32cf42214e7e66d4fe2ad6bc29834a769e933c855461dc5fa8ff34a0c7f8551d1fd216f9321949fdf98a7e5f0ea31237201dcfdb8bc4a4 bsh-bsf-2.0b6.jar
670fdf60ea81d6ed82aea235b9bb34b699ba8bcf24bdff84de7b8428759aecbac21685057688808fe5c88bddcd6a11269a3c4208ea3b518957f9abfe876530f2 bsh-classgen-2.0b6.jar
d7eeeab6287c4473ec8ea6bdef7c5fe4b688e6065f04b6921335ffed6e85a05a4ac82846fbfec55714c33e28cbe488e610f7eb7eb4629843f597af00b0375380 bsh-classpath-2.0b6.jar
59ac6b109aa38c68094e720f6c44bc0b286d06085cfcdc67fda093dc2afdce286689d618c3010a312b428d57941255e2607dd097f718d848c6249c3c79c7b774 bsh-commands-2.0b6.jar
cba855e8dacc2322d25dc153639afcf3c14dc4428797add76847868c3e73f0accc5ed68f95af4ac2b42084474bdabc4944f79297060c7636154fa07ceff33cc3 bsh-core-2.0b6.jar
a4abf59778dc10230acf89cb0e3b395fedbc3998392ab3278de158f0881c98e08aa48286d0241f897cc1c17fbdd0b656c0f98ee36d1e736a31c5c2106470daf9 bsh-engine-2.0b6.jar
f99ea38314eb5c9834abbc3e7134e4b770b87fee7b4827dd50635907eee0cd3df0e80a526280699848a5f0dcb23bc715818164d466f199b04167aed86e823864 bsh-reflect-2.0b6.jar
d758c743632d659e97d21773d97b0da22906ae29ab10792ec7a7969a0bc532f500caeeb23c1dba786b84c4b8d22946e00dbb500c41d346d85de333564f77d8fc bsh-util-2.0b6.jar
8632a8f59dd8cf87eece6d84ca3c883952b6e40d3f0038b48967c708f9cc7731b978f675284a47e2ca616832615956e67d879f0c6108be462d4447a2d575789c bsh-2.0b6-javadoc.zip
a04eca6a57807358bd4f8d017a2eeaa58403ef51fab11fc46ab089113a0ff5f66aaa793d3fc57b484334cbf51ed388a90d8d72d1e5819c8248cc0113ac928a77 bsh-2.0b6-src.zip
52f4d03510691259ee13799726ee18b31255dbfdef1b46ff3b82e7fc065021d0b391772804b201380366c2cbd23392f6ec1ba50d9d5cf15c9becaae331fba1c6 bsh-2.0b6.pom
This release is also distributed to Maven Central. Usage:
<dependencies>
<dependency>
<groupId>org.apache-extras.beanshell</groupId>
<artifactId>bsh</artifactId>
<version>2.0b6</version>
</dependency>
</dependencies>Alternatively you can use
our BinTray Maven repository or
JCenter:
<!-- just beanshell -->
<repository>
<id>bintray-beanshell-Beanshell</id>
<name>bintray</name>
<url>http://dl.bintray.com/beanshell/Beanshell</url>
<snapshots><enabled>false</enabled></snapshots>
</repository>
<!-- or use JCenter -->
<repository>
<id>central</id>
<name>bintray</name>
<url>http://jcenter.bintray.com</url>
<snapshots><enabled>false</enabled></snapshots>
</repository>User interface
To execute the Beanshell user interface, either double-click the JAR file, or run it with:
java -jar bsh-2.0b6.jar
You will need Java 5 or later installed. Note that there is a bug (#4) which may cause a hang, preventing the user interface from running with Java 8.