CVE-2025-48924 increases the motivation to remove Commons Lang 2 from Jenkins core. That cannot be done until core stops depending on it (including via Json-Lib), as discussed in this thread, and until plugins stop depending on core's copy. To track the latter I created this spreadsheet:
https://docs.google.com/spreadsheets/d/1w6_QXUflt1GSTdQ1-WyWtVXewu99LuHuvr-0Hivoi7I/edit -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrL%3D3nOYG8nAOVVZofbXJcy65-%2B-E0Kd%3Da%2B06q9fa9WKA%40mail.gmail.com.
