(kafka) branch 4.1 updated: KAFKA-19520 Bump Commons-Lang for CVE-2025-48924 (#20196)

Sat, 19 Jul 2025 00:08:23 -0700 

This is an automated email from the ASF dual-hosted git repository.

showuon pushed a commit to branch 4.1
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/4.1 by this push:
     new 01d8154b6ea KAFKA-19520 Bump Commons-Lang for CVE-2025-48924 (#20196)
01d8154b6ea is described below

commit 01d8154b6ea01d5a66776dcb251205efa5a3dd5b
Author: Dmitry Werner <[email protected]>
AuthorDate: Sat Jul 19 12:05:50 2025 +0500

    KAFKA-19520 Bump Commons-Lang for CVE-2025-48924 (#20196)
    
    Bump Commons-Lang for CVE-2025-48924.
    
    Reviewers: Luke Chen <[email protected]>, Federico Valeri 
<[email protected]>
---
 LICENSE-binary             | 2 +-
 build.gradle               | 3 ++-
 gradle/dependencies.gradle | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index b0640c1bca7..b601ccebfb7 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -209,7 +209,7 @@ License Version 2.0:
 - commons-beanutils-1.11.0
 - commons-collections-3.2.2
 - commons-digester-2.1
-- commons-lang3-3.12.0
+- commons-lang3-3.18.0
 - commons-logging-1.3.5
 - commons-validator-1.9.0
 - hash4j-0.22.0
diff --git a/build.gradle b/build.gradle
index 8e0f4393252..97250637b70 100644
--- a/build.gradle
+++ b/build.gradle
@@ -195,7 +195,8 @@ allprojects {
           libs.scalaReflect,
           // Workaround before `commons-validator` has new release. See 
KAFKA-19359.
           libs.commonsBeanutils,
-          libs.jacksonAnnotations
+          libs.jacksonAnnotations,
+          libs.commonsLang
         )
       }
     }
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 2e97bf2a4c4..10173814e53 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -58,6 +58,7 @@ versions += [
   bndlib: "7.1.0",
   checkstyle: project.hasProperty('checkstyleVersion') ? checkstyleVersion : 
"10.20.2",
   commonsBeanutils: "1.11.0",
+  commonsLang: "3.18.0",
   commonsValidator: "1.9.0",
   classgraph: "4.8.179",
   gradle: "8.14.1",
@@ -150,6 +151,7 @@ libs += [
   caffeine: "com.github.ben-manes.caffeine:caffeine:$versions.caffeine",
   classgraph: "io.github.classgraph:classgraph:$versions.classgraph",
   commonsBeanutils: 
"commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
+  commonsLang: "org.apache.commons:commons-lang3:$versions.commonsLang",
   commonsValidator: 
"commons-validator:commons-validator:$versions.commonsValidator",
   jacksonAnnotations: 
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
   jacksonDatabind: 
"com.fasterxml.jackson.core:jackson-databind:$versions.jackson",

Reply via email to