(paimon) branch master updated: [core] Bump commons-lang3 to version 3.18.0 to avoid CVE-2025-48924 (#6781)

lzljs3620320 Tue, 09 Dec 2025 02:54:24 -0800

This is an automated email from the ASF dual-hosted git repository.

lzljs3620320 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/paimon.git



The following commit(s) were added to refs/heads/master by this push:
     new 6cf7ebd593 [core] Bump commons-lang3 to version 3.18.0 to avoid 
CVE-2025-48924 (#6781)
6cf7ebd593 is described below

commit 6cf7ebd59332abeb64ee2bb92bd3f912e310ff4e
Author: yangjf2019 <[email protected]>
AuthorDate: Tue Dec 9 18:54:11 2025 +0800

    [core] Bump commons-lang3 to version 3.18.0 to avoid CVE-2025-48924 (#6781)
---
 paimon-benchmark/paimon-micro-benchmarks/pom.xml                        | 2 +-
 paimon-filesystems/paimon-azure-impl/src/main/resources/META-INF/NOTICE | 2 +-
 paimon-filesystems/paimon-cosn-impl/src/main/resources/META-INF/NOTICE  | 2 +-
 paimon-filesystems/paimon-gs-impl/src/main/resources/META-INF/NOTICE    | 2 +-
 .../paimon-hadoop-shaded/src/main/resources/META-INF/NOTICE             | 2 +-
 paimon-filesystems/paimon-obs-impl/src/main/resources/META-INF/NOTICE   | 2 +-
 paimon-filesystems/paimon-oss-impl/src/main/resources/META-INF/NOTICE   | 2 +-
 paimon-filesystems/paimon-s3-impl/src/main/resources/META-INF/NOTICE    | 2 +-
 paimon-format/pom.xml                                                   | 2 +-
 paimon-format/src/main/resources/META-INF/NOTICE                        | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/paimon-benchmark/paimon-micro-benchmarks/pom.xml 
b/paimon-benchmark/paimon-micro-benchmarks/pom.xml
index 545456a417..41942e8488 100644
--- a/paimon-benchmark/paimon-micro-benchmarks/pom.xml
+++ b/paimon-benchmark/paimon-micro-benchmarks/pom.xml
@@ -134,7 +134,7 @@ under the License.
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.12.0</version>
+            <version>3.18.0</version>
             <scope>provided</scope>
         </dependency>
 
diff --git 
a/paimon-filesystems/paimon-azure-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-azure-impl/src/main/resources/META-INF/NOTICE
index 5187575afd..1c4727b121 100644
--- a/paimon-filesystems/paimon-azure-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-azure-impl/src/main/resources/META-INF/NOTICE
@@ -28,7 +28,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - org.apache.commons:commons-compress:1.21
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.4
 - org.apache.hadoop:hadoop-annotations:3.3.4
 - org.apache.hadoop:hadoop-auth:3.3.4
diff --git 
a/paimon-filesystems/paimon-cosn-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-cosn-impl/src/main/resources/META-INF/NOTICE
index eab5a4c844..beaa2bea28 100644
--- a/paimon-filesystems/paimon-cosn-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-cosn-impl/src/main/resources/META-INF/NOTICE
@@ -25,7 +25,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - commons-beanutils:commons-beanutils:1.9.4
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.4
 - org.apache.hadoop:hadoop-auth:3.3.4
 - org.apache.commons:commons-compress:1.21
diff --git 
a/paimon-filesystems/paimon-gs-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-gs-impl/src/main/resources/META-INF/NOTICE
index 4360d53657..940a1c03b7 100644
--- a/paimon-filesystems/paimon-gs-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-gs-impl/src/main/resources/META-INF/NOTICE
@@ -41,7 +41,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 -io.airlift:aircompressor:0.27
 -org.apache.commons:commons-compress:1.21
 -org.apache.commons:commons-configuration2:2.1.1
--org.apache.commons:commons-lang3:3.12.0
+-org.apache.commons:commons-lang3:3.18.0
 -org.apache.commons:commons-text:1.4
 -org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.1.1
 -org.apache.hadoop.thirdparty:hadoop-shaded-protobuf_3_7:1.1.1
diff --git 
a/paimon-filesystems/paimon-hadoop-shaded/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-hadoop-shaded/src/main/resources/META-INF/NOTICE
index 511fefb0ed..5ad7a79576 100644
--- a/paimon-filesystems/paimon-hadoop-shaded/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-hadoop-shaded/src/main/resources/META-INF/NOTICE
@@ -20,7 +20,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - org.apache.commons:commons-compress:1.21
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.4
 - org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.1.1
 - org.apache.hadoop.thirdparty:hadoop-shaded-protobuf_3_7:1.1.1
diff --git 
a/paimon-filesystems/paimon-obs-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-obs-impl/src/main/resources/META-INF/NOTICE
index 575b8326da..5f48784626 100644
--- a/paimon-filesystems/paimon-obs-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-obs-impl/src/main/resources/META-INF/NOTICE
@@ -21,7 +21,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - org.apache.commons:commons-compress:1.21
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.4
 - org.apache.hadoop:hadoop-annotations:3.3.4
 - org.apache.hadoop:hadoop-auth:3.3.4
diff --git 
a/paimon-filesystems/paimon-oss-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-oss-impl/src/main/resources/META-INF/NOTICE
index 502aa96a2f..86f0373d64 100644
--- a/paimon-filesystems/paimon-oss-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-oss-impl/src/main/resources/META-INF/NOTICE
@@ -34,7 +34,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - commons-collections:commons-collections:3.2.2
 - commons-beanutils:commons-beanutils:1.9.4
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.4
 - org.apache.hadoop:hadoop-auth:3.3.4
 - org.apache.commons:commons-compress:1.21
diff --git 
a/paimon-filesystems/paimon-s3-impl/src/main/resources/META-INF/NOTICE 
b/paimon-filesystems/paimon-s3-impl/src/main/resources/META-INF/NOTICE
index 04a594758c..211c3c322a 100644
--- a/paimon-filesystems/paimon-s3-impl/src/main/resources/META-INF/NOTICE
+++ b/paimon-filesystems/paimon-s3-impl/src/main/resources/META-INF/NOTICE
@@ -29,7 +29,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - joda-time:joda-time:2.8.1
 - org.apache.commons:commons-compress:1.21
 - org.apache.commons:commons-configuration2:2.1.1
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 - org.apache.commons:commons-text:1.10.0
 - org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.1.1
 - org.apache.hadoop.thirdparty:hadoop-shaded-protobuf_3_7:1.1.1
diff --git a/paimon-format/pom.xml b/paimon-format/pom.xml
index 9c834fd52c..a82d3e7107 100644
--- a/paimon-format/pom.xml
+++ b/paimon-format/pom.xml
@@ -34,7 +34,7 @@ under the License.
     <properties>
         <joda-time.version>2.5</joda-time.version>
         <commons.pool.version>1.6</commons.pool.version>
-        <commons.lang3.version>3.12.0</commons.lang3.version>
+        <commons.lang3.version>3.18.0</commons.lang3.version>
         <storage-api.version>2.8.1</storage-api.version>
         <commons.io.version>2.16.1</commons.io.version>
     </properties>
diff --git a/paimon-format/src/main/resources/META-INF/NOTICE 
b/paimon-format/src/main/resources/META-INF/NOTICE
index c90ea44717..5f2c582bdd 100644
--- a/paimon-format/src/main/resources/META-INF/NOTICE
+++ b/paimon-format/src/main/resources/META-INF/NOTICE
@@ -11,7 +11,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - org.apache.hive:hive-storage-api:2.8.1
 - io.airlift:aircompressor:0.27
 - commons-lang:commons-lang:2.6
-- org.apache.commons:commons-lang3:3.12.0
+- org.apache.commons:commons-lang3:3.18.0
 
 - org.apache.avro:avro:1.11.4
 - com.fasterxml.jackson.core:jackson-core:2.14.2

(paimon) branch master updated: [core] Bump commons-lang3 to version 3.18.0 to avoid CVE-2025-48924 (#6781)

Reply via email to