[
https://issues.apache.org/jira/browse/LANG-1781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18010454#comment-18010454
]
Gary D. Gregory edited comment on LANG-1781 at 7/28/25 4:07 PM:
----------------------------------------------------------------
[~sbernard]
We only maintain the 3.x release line.
For Java requirements see
[https://commons.apache.org/proper/commons-lang/changes.html] sourced from
[https://github.com/apache/commons-lang/blob/master/src/ and
changes/changes.xml|https://github.com/apache/commons-lang/blob/master/src/changes/changes.xml]
was (Author: garydgregory):
[~sbernard]
We only maintain the 3.x release line.
For Java requirements see
https://github.com/apache/commons-lang/blob/master/src/changes/changes.xml
> Any plan for a 2.6.1 fixing CVE-2025-48924
> ------------------------------------------
>
> Key: LANG-1781
> URL: https://issues.apache.org/jira/browse/LANG-1781
> Project: Commons Lang
> Issue Type: Wish
> Affects Versions: 2.6
> Reporter: Simon
> Priority: Major
>
> Just to know if there is any plan to release a 2.6.1 (or 2.7) which fixes
> [CVE-2025-48924|http://example.com/] ?
> I understand the vulnerability is only fixed by 3.18.0, right ?
> Looking at your lib web pages I see :
> * The [current
> release|https://commons.apache.org/proper/commons-lang/apidocs/index.html]
> [Java 8 and up]
> * The [legacy releases for
> 3.x|https://javadoc.io/doc/org.apache.commons/commons-lang3]
> * The [legacy releases for
> 2.x|https://javadoc.io/doc/commons-lang/commons-lang] [Java 1.2 and up]
> I'm a bit confused by the second line.
> All 3.x version required java 8, right ?
> (People seing that issue could also be interested by
> https://issues.apache.org/jira/browse/LANG-1777)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
