[
https://issues.apache.org/jira/browse/GEODE-10549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10549:
---------------------------------
Description:
h2. Summary
Upgrade Apache Commons IO library from version 2.15.1 to 2.18.0 as part of
dependency maintenance and to address critical bug fixes.
h2. Description
This upgrade is part of the GEODE-10543 dependency modernization effort,
performed alongside the commons-lang3 upgrade to maintain library compatibility
and consistency.
h3. Key Improvements in 2.18.0:
* {*}IO-856{*}: Fixed {{FileUtils.listFiles()}} throwing
{{NoSuchFileException}}
* {*}IO-859{*}: Fixed {{FileUtils.forceDelete()}} on non-existent Windows
files throwing {{IOException}} instead of {{FileNotFoundException}}
* {*}IO-863{*}: Fixed incompatible change to {{FileUtils.listFiles()}}
regarding extensions
* {*}IO-860{*}: Added missing reserved file names in {{FileSystem.WINDOWS}}
(superscript digits for COM and LPT)
* Enhanced {{ValidatingObjectInputStream}} with builder pattern for safe
deserialization
* Improved {{RandomAccessFile}} support and stream handling
h3. Compatibility:
* Binary compatible: Yes
* Source compatible: Yes
* Semantic compatible: Yes
* No breaking API changes
* All intermediate versions (2.16.0, 2.17.0, 2.18.0) maintain full backward
compatibility
h3. Risk Assessment:
*Low risk* - This is a maintenance upgrade with no known security
vulnerabilities in 2.15.1. The upgrade prevents potential file operation
issues, particularly on Windows platforms, and aligns with modern Java best
practices.
h2. Testing:
* Full test suite executed with Java 8
* All builds pass with quality checks (spotless, RAT, PMD, Javadoc)
* No test failures related to commons-io changes
h2. Files Modified:
*
{{build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy}}
** Line 37: {{deps.put("commons-io.version", "2.18.0")}}
h2. Related:
* Part of GEODE-10543: Security and dependency upgrades
* Performed alongside commons-lang3 3.12.0 → 3.18.0 (CVE-2025-48924)
was:
h1. Upgrade commons-io from 2.15.1 to 2.18.0
h2. Summary
Upgrade Apache Commons IO library from version 2.15.1 to 2.18.0 as part of
dependency maintenance and to address critical bug fixes.
h2. Description
This upgrade is part of the GEODE-10543 dependency modernization effort,
performed alongside the commons-lang3 upgrade to maintain library compatibility
and consistency.
h3. Key Improvements in 2.18.0:
* *IO-856*: Fixed {{FileUtils.listFiles()}} throwing {{NoSuchFileException}}
* *IO-859*: Fixed {{FileUtils.forceDelete()}} on non-existent Windows files
throwing {{IOException}} instead of {{FileNotFoundException}}
* *IO-863*: Fixed incompatible change to {{FileUtils.listFiles()}} regarding
extensions
* *IO-860*: Added missing reserved file names in {{FileSystem.WINDOWS}}
(superscript digits for COM and LPT)
* Enhanced {{ValidatingObjectInputStream}} with builder pattern for safe
deserialization
* Improved {{RandomAccessFile}} support and stream handling
h3. Compatibility:
* Binary compatible: Yes
* Source compatible: Yes
* Semantic compatible: Yes
* No breaking API changes
* All intermediate versions (2.16.0, 2.17.0, 2.18.0) maintain full backward
compatibility
h3. Risk Assessment:
*Low risk* - This is a maintenance upgrade with no known security
vulnerabilities in 2.15.1. The upgrade prevents potential file operation
issues, particularly on Windows platforms, and aligns with modern Java best
practices.
h2. Testing:
* Full test suite executed with Java 8
* All builds pass with quality checks (spotless, RAT, PMD, Javadoc)
* No test failures related to commons-io changes
h2. Files Modified:
*
{{build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy}}
** Line 37: {{deps.put("commons-io.version", "2.18.0")}}
h2. Related:
* Part of GEODE-10543: Security and dependency upgrades
* Performed alongside commons-lang3 3.12.0 → 3.18.0 (CVE-2025-48924)
> Upgrade commons-io from 2.15.1 to 2.18.0
> ----------------------------------------
>
> Key: GEODE-10549
> URL: https://issues.apache.org/jira/browse/GEODE-10549
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Priority: Major
>
> h2. Summary
> Upgrade Apache Commons IO library from version 2.15.1 to 2.18.0 as part of
> dependency maintenance and to address critical bug fixes.
> h2. Description
> This upgrade is part of the GEODE-10543 dependency modernization effort,
> performed alongside the commons-lang3 upgrade to maintain library
> compatibility and consistency.
> h3. Key Improvements in 2.18.0:
> * {*}IO-856{*}: Fixed {{FileUtils.listFiles()}} throwing
> {{NoSuchFileException}}
> * {*}IO-859{*}: Fixed {{FileUtils.forceDelete()}} on non-existent Windows
> files throwing {{IOException}} instead of {{FileNotFoundException}}
> * {*}IO-863{*}: Fixed incompatible change to {{FileUtils.listFiles()}}
> regarding extensions
> * {*}IO-860{*}: Added missing reserved file names in {{FileSystem.WINDOWS}}
> (superscript digits for COM and LPT)
> * Enhanced {{ValidatingObjectInputStream}} with builder pattern for safe
> deserialization
> * Improved {{RandomAccessFile}} support and stream handling
> h3. Compatibility:
> * Binary compatible: Yes
> * Source compatible: Yes
> * Semantic compatible: Yes
> * No breaking API changes
> * All intermediate versions (2.16.0, 2.17.0, 2.18.0) maintain full backward
> compatibility
> h3. Risk Assessment:
> *Low risk* - This is a maintenance upgrade with no known security
> vulnerabilities in 2.15.1. The upgrade prevents potential file operation
> issues, particularly on Windows platforms, and aligns with modern Java best
> practices.
> h2. Testing:
> * Full test suite executed with Java 8
> * All builds pass with quality checks (spotless, RAT, PMD, Javadoc)
> * No test failures related to commons-io changes
> h2. Files Modified:
> *
> {{build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy}}
> ** Line 37: {{deps.put("commons-io.version", "2.18.0")}}
> h2. Related:
> * Part of GEODE-10543: Security and dependency upgrades
> * Performed alongside commons-lang3 3.12.0 → 3.18.0 (CVE-2025-48924)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
