engelen pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new c0e592aa26 Upgrade commons-io from 2.15.1 to 2.18.0 (#7943)
c0e592aa26 is described below
commit c0e592aa262478da9183acada7c0164f1eb766f6
Author: Jinwoo Hwang <[email protected]>
AuthorDate: Fri Oct 24 06:59:33 2025 -0400
Upgrade commons-io from 2.15.1 to 2.18.0 (#7943)
This commit upgrades the Apache Commons IO library to version 2.18.0
to address potential security vulnerabilities and benefit from the
latest bug fixes and improvements.
Changes:
- Updated commons-io version in DependencyConstraints.groovy from 2.15.1 to
2.18.0
- Updated expected-pom.xml to reflect new commons-io version (2.18.0)
- Updated assembly_content.txt with new commons-io JAR reference
- Updated gfsh_dependency_classpath.txt with new commons-io version
- Updated dependency_classpath.txt in geode-server-all with new version
Testing:
- All unit tests pass (./gradlew test)
- Build validation successful (./gradlew clean build -x test)
- All quality checks pass (./gradlew build install javadoc spotlessCheck
rat checkPom resolveDependencies pmdMain -x test)
Version 2.18.0 includes important fixes and improvements over 2.15.1,
providing better stability and security for the Geode project.
---
boms/geode-all-bom/src/test/resources/expected-pom.xml | 2 +-
.../groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy | 2 +-
geode-assembly/src/integrationTest/resources/assembly_content.txt | 2 +-
.../src/integrationTest/resources/gfsh_dependency_classpath.txt | 2 +-
geode-server-all/src/integrationTest/resources/dependency_classpath.txt | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index ea1c001ddb..7b28cae487 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -160,7 +160,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.18.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
diff --git a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 2c6fb052fb..4b2ce0cf5b 100644
--- a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -33,7 +33,7 @@ class DependencyConstraints {
// These version numbers are consumed by
:geode-modules-assembly:distAppServer filtering
// Some of these are referenced below as well
deps.put("antlr.version", "2.7.7")
- deps.put("commons-io.version", "2.15.1")
+ deps.put("commons-io.version", "2.18.0")
deps.put("commons-lang3.version", "3.12.0")
deps.put("commons-validator.version", "1.7")
deps.put("fastutil.version", "8.5.8")
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 6db66b873e..d7fefc9a5f 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -931,7 +931,7 @@ lib/commons-beanutils-1.11.0.jar
lib/commons-codec-1.15.jar
lib/commons-collections-3.2.2.jar
lib/commons-digester-2.1.jar
-lib/commons-io-2.15.1.jar
+lib/commons-io-2.18.0.jar
lib/commons-lang3-3.12.0.jar
lib/commons-logging-1.3.5.jar
lib/commons-modeler-2.0.1.jar
diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
index 3052927766..34fc7c5147 100644
--- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -53,7 +53,7 @@ shiro-config-ogdl-1.13.0.jar
commons-codec-1.15.jar
commons-collections-3.2.2.jar
commons-digester-2.1.jar
-commons-io-2.15.1.jar
+commons-io-2.18.0.jar
commons-logging-1.3.5.jar
classgraph-4.8.147.jar
micrometer-core-1.9.1.jar
diff --git a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
index ef01a763c6..11b111ea56 100644
--- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -80,7 +80,7 @@ lucene-analyzers-phonetic-6.6.6.jar
spring-context-5.3.21.jar
jetty-security-9.4.57.v20241219.jar
geode-logging-0.0.0.jar
-commons-io-2.15.1.jar
+commons-io-2.18.0.jar
shiro-lang-1.13.0.jar
javax.transaction-api-1.3.jar
geode-common-0.0.0.jar