(kafka) branch 3.9 updated: KAFKA-19520: Bump Commons-Lang for CVE-2025-48924 (#20433)

[mimaison]

This is an automated email from the ASF dual-hosted git repository.

mimaison pushed a commit to branch 3.9
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/3.9 by this push:
     new 0fd4593554e KAFKA-19520: Bump Commons-Lang for CVE-2025-48924 (#20433)
0fd4593554e is described below

commit 0fd4593554eb068750ec0a68825c27e1e7a9cb05
Author: Federico Valeri <fedeval...@gmail.com>
AuthorDate: Fri Aug 29 11:44:49 2025 +0200

    KAFKA-19520: Bump Commons-Lang for CVE-2025-48924 (#20433)
    
    Bump Commons-Lang for CVE-2025-48924.
    
    Signed-off-by: Federico Valeri <fedeval...@gmail.com>
    Reviewers: Mickael Maison <mickael.mai...@gmail.com>
---
 LICENSE-binary             | 2 +-
 build.gradle               | 1 +
 gradle/dependencies.gradle | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index b6b70edcd9d..b4b0bc4ebf7 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -212,7 +212,7 @@ commons-cli-1.4
 commons-collections-3.2.2
 commons-digester-2.1
 commons-io-2.14.0
-commons-lang3-3.12.0
+commons-lang3-3.18.0
 commons-logging-1.3.5
 commons-validator-1.7
 error_prone_annotations-2.10.0
diff --git a/build.gradle b/build.gradle
index 1387d7f6c3c..6ae65325055 100644
--- a/build.gradle
+++ b/build.gradle
@@ -165,6 +165,7 @@ allprojects {
           libs.reload4j,
           // Workaround before `commons-validator` has new release. See 
KAFKA-19359.
           libs.commonsBeanutils,
+          libs.commonsLang
         )
       }
     }
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index c0c513c1e39..1127dd26033 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -92,6 +92,7 @@ versions += [
   commonsCli: "1.4",
   commonsIo: "2.14.0", // ZooKeeper dependency. Do not use, this is going away.
   commonsBeanutils: "1.11.0",
+  commonsLang: "3.18.0",
   commonsValidator: "1.7",
   dropwizardMetrics: "4.1.12.1",
   gradle: "8.10.2",
@@ -184,6 +185,7 @@ libs += [
   commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
   commonsIo: "commons-io:commons-io:$versions.commonsIo",
   commonsBeanutils: 
"commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
+  commonsLang: "org.apache.commons:commons-lang3:$versions.commonsLang",
   commonsValidator: 
"commons-validator:commons-validator:$versions.commonsValidator",
   jacksonAnnotations: 
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
   jacksonDatabind: 
"com.fasterxml.jackson.core:jackson-databind:$versions.jackson",