vishnukribm opened a new pull request, #724: URL: https://github.com/apache/ranger/pull/724
This PR addresses [CVE-2025-48924](https://www.cve.org/CVERecord?id=CVE-2025-48924) by migrating Apache Ranger from Apache Commons Lang 2.6 to Commons Lang 3.19.0. The old commons-lang:2.6 dependency is affected by CVE-2025-48924 and is no longer maintained. commons-lang3 is a separate and actively maintained library under the package org.apache.commons.lang3. Changes include: ``` Removed dependency on commons-lang:2.6 Added dependency on commons-lang3:3.19.0 Updated imports from org.apache.commons.lang.* → org.apache.commons.lang3.* Adjusted minor API differences between Lang 2.x and 3.x Verified build and runtime compatibility across all Ranger modules: This change removes a known vulnerable dependency and aligns Ranger with modern, supported libraries. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
