This is an automated email from the ASF dual-hosted git repository.

zhangliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new 527d6958ef5 Fixes CVE-2025-48924 (#36085)
527d6958ef5 is described below

commit 527d6958ef5a615f5f15b0b6f5086d8cc494fc63
Author: Liang Zhang <[email protected]>
AuthorDate: Mon Jul 28 13:19:19 2025 +0800

    Fixes CVE-2025-48924 (#36085)
    
    * Upgrade commons-lang3 to 3.18.0 to fix CVE-2025-48924
    
    * Upgrade commons-lang3 to 3.18.0 to fix CVE-2025-48924
---
 RELEASE-NOTES.md                                 | 4 ++++
 distribution/proxy/src/main/release-docs/LICENSE | 2 +-
 pom.xml                                          | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 52ccdd6813a..2d2d43c78fc 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 ## Release 5.5.3-SNAPSHOT
 
+### CVE
+
+1. Fixes CVE-2025-48924 
[#36085](https://github.com/apache/shardingsphere/pull/36085)
+
 ### Metadata Storage Changes
 
 1. Remove `default_strategies` prefix on sharding rule metadata persist 
[#34664](https://github.com/apache/shardingsphere/pull/34664)
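Review bot: The added entry under `### CVE` gives only the CVE id, so a reader of the release notes cannot tell which dependency was affected or which version carries the fix. Consider wording it like the commit message, for example `Upgrade commons-lang3 to 3.18.0 to fix CVE-2025-48924`, so users who pin their own dependency versions know what to check.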
diff --git a/distribution/proxy/src/main/release-docs/LICENSE 
b/distribution/proxy/src/main/release-docs/LICENSE
index 84b892828fa..9e697181cfa 100644
--- a/distribution/proxy/src/main/release-docs/LICENSE
+++ b/distribution/proxy/src/main/release-docs/LICENSE
@@ -229,7 +229,7 @@ The text of each license is the standard Apache 2.0 license.
     commons-exec 1.3: https://github.com/apache/commons-exec, Apache 2.0
     commons-io 2.11.0: https://github.com/apache/commons-io, Apache 2.0
     commons-lang 2.4: https://github.com/apache/commons-lang, Apache 2.0
-    commons-lang3 3.15.0: https://github.com/apache/commons-lang, Apache 2.0
+    commons-lang3 3.18.0: https://github.com/apache/commons-lang, Apache 2.0
     commons-math3 3.6.1: https://commons.apache.org/proper/commons-math, 
Apache 2.0
     commons-pool2 2.12.0: https://commons.apache.org/proper/commons-pool, 
Apache 2.0
     commons-logging 1.2: https://github.com/apache/commons-logging, Apache 2.0
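Review bot: The unchanged context line `commons-lang 2.4`, directly above the edited entry, shows the proxy distribution still lists the older commons-lang 2.x artifact, which this change does not touch. Please confirm whether that artifact is in scope of CVE-2025-48924 and, if it is, whether it can be dropped or excluded from the distribution; otherwise the proxy package may still be flagged after this bump.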
diff --git a/pom.xml b/pom.xml
index 270400e535b..abb63dd99bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,7 +73,7 @@
         <j2objc-annotations.version>1.3</j2objc-annotations.version>
         <calcite.version>1.40.0</calcite.version>
         
-        <commons-lang3.version>3.15.0</commons-lang3.version>
+        <commons-lang3.version>3.18.0</commons-lang3.version>
         <commons-codec.version>1.16.0</commons-codec.version>
         <commons-math3.version>3.6.1</commons-math3.version>
         <commons-pool2.version>2.12.0</commons-pool2.version>
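Review bot: The bump of `commons-lang3.version` from 3.15.0 to 3.18.0 only governs dependencies that resolve through this property, and nothing in the patch verifies that the built artifacts actually end up with 3.18.0. It would help to confirm with `mvn dependency:tree -Dincludes=org.apache.commons:commons-lang3` that no module still resolves an older version, and that the hand-maintained LICENSE entry matches what is packaged.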
