(seatunnel) branch dev updated: [Fix] Fix CVE-2025-48924 for commons-lang3 (#9935)

corgy Sat, 18 Oct 2025 05:09:02 -0700

This is an automated email from the ASF dual-hosted git repository.

corgy pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/seatunnel.git



The following commit(s) were added to refs/heads/dev by this push:
     new c079a967e7 [Fix] Fix CVE-2025-48924 for commons-lang3 (#9935)
c079a967e7 is described below

commit c079a967e790209f1eaaf806c6903b8927014a1f
Author: David Zollo <[email protected]>
AuthorDate: Mon Oct 13 16:05:23 2025 +0800

    [Fix] Fix CVE-2025-48924 for commons-lang3 (#9935)
---
 pom.xml                                                            | 2 +-
 seatunnel-connectors-v2/connector-file/connector-file-base/pom.xml | 2 +-
 seatunnel-connectors-v2/connector-hudi/pom.xml                     | 2 +-
 seatunnel-connectors-v2/connector-kudu/pom.xml                     | 2 +-
 seatunnel-connectors-v2/connector-maxcompute/pom.xml               | 2 +-
 seatunnel-connectors-v2/connector-pulsar/pom.xml                   | 2 +-
 tools/dependencies/known-dependencies.txt                          | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9cb681c51c..11df2d57c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -105,7 +105,7 @@
         <elasticsearch6.client.version>6.3.1</elasticsearch6.client.version>
         <elasticsearch7.client.version>7.5.1</elasticsearch7.client.version>
         
<flink-shaded-hadoop-2.version>2.7.5-7.0</flink-shaded-hadoop-2.version>
-        <commons-lang3.version>3.8</commons-lang3.version>
+        <commons-lang3.version>3.18.0</commons-lang3.version>
         <commons-io.version>2.11.0</commons-io.version>
         <commons-collections4.version>4.4</commons-collections4.version>
         <commons-csv.version>1.10.0</commons-csv.version>
diff --git a/seatunnel-connectors-v2/connector-file/connector-file-base/pom.xml 
b/seatunnel-connectors-v2/connector-file/connector-file-base/pom.xml
index 3b1e2f4fb9..ca03d0963e 100644
--- a/seatunnel-connectors-v2/connector-file/connector-file-base/pom.xml
+++ b/seatunnel-connectors-v2/connector-file/connector-file-base/pom.xml
@@ -32,7 +32,7 @@
     <properties>
         <orc.version>1.5.6</orc.version>
         <commons.collecton4.version>4.4</commons.collecton4.version>
-        <commons.lang3.version>3.4</commons.lang3.version>
+        <commons.lang3.version>3.18.0</commons.lang3.version>
         <parquet-avro.version>1.12.3</parquet-avro.version>
         <poi.version>4.1.2</poi.version>
         <poi-ooxml.version>4.1.2</poi-ooxml.version>
diff --git a/seatunnel-connectors-v2/connector-hudi/pom.xml 
b/seatunnel-connectors-v2/connector-hudi/pom.xml
index 1ec51614d2..d83b0cf3ea 100644
--- a/seatunnel-connectors-v2/connector-hudi/pom.xml
+++ b/seatunnel-connectors-v2/connector-hudi/pom.xml
@@ -31,7 +31,7 @@
 
     <properties>
         <hudi.version>0.15.0</hudi.version>
-        <commons.lang3.version>3.4</commons.lang3.version>
+        <commons.lang3.version>3.18.0</commons.lang3.version>
         <parquet.version>1.12.2</parquet.version>
         <snappy.version>1.1.10.4</snappy.version>
         <kryo.shaded.version>4.0.2</kryo.shaded.version>
diff --git a/seatunnel-connectors-v2/connector-kudu/pom.xml 
b/seatunnel-connectors-v2/connector-kudu/pom.xml
index 9dcdc87853..f74a43d164 100644
--- a/seatunnel-connectors-v2/connector-kudu/pom.xml
+++ b/seatunnel-connectors-v2/connector-kudu/pom.xml
@@ -31,7 +31,7 @@
 
     <properties>
         <kudu.version>1.11.1</kudu.version>
-        <commons.lang3.version>3.4</commons.lang3.version>
+        <commons.lang3.version>3.18.0</commons.lang3.version>
     </properties>
 
     <dependencies>
diff --git a/seatunnel-connectors-v2/connector-maxcompute/pom.xml 
b/seatunnel-connectors-v2/connector-maxcompute/pom.xml
index f85c47fc3f..00ce56b703 100644
--- a/seatunnel-connectors-v2/connector-maxcompute/pom.xml
+++ b/seatunnel-connectors-v2/connector-maxcompute/pom.xml
@@ -31,7 +31,7 @@
 
     <properties>
         <maxcompute.version>0.51.0</maxcompute.version>
-        <commons.lang3.version>3.4</commons.lang3.version>
+        <commons.lang3.version>3.18.0</commons.lang3.version>
     </properties>
 
     <dependencies>
diff --git a/seatunnel-connectors-v2/connector-pulsar/pom.xml 
b/seatunnel-connectors-v2/connector-pulsar/pom.xml
index 12bbec5918..e213275a72 100644
--- a/seatunnel-connectors-v2/connector-pulsar/pom.xml
+++ b/seatunnel-connectors-v2/connector-pulsar/pom.xml
@@ -31,7 +31,7 @@
 
     <properties>
         <pulsar.version>2.11.0</pulsar.version>
-        <commons-lang3.version>3.4</commons-lang3.version>
+        <commons-lang3.version>3.18.0</commons-lang3.version>
     </properties>
 
     <dependencies>
diff --git a/tools/dependencies/known-dependencies.txt 
b/tools/dependencies/known-dependencies.txt
index 914773a5fd..241819ed88 100755
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -2,7 +2,7 @@ commons-codec-1.13.jar
 commons-collections4-4.4.jar
 commons-compress-1.20.jar
 commons-io-2.11.0.jar
-commons-lang3-3.8.jar
+commons-lang3-3.18.0.jar
 commons-csv-1.10.0.jar
 config-1.3.3.jar
 disruptor-3.4.4.jar

(seatunnel) branch dev updated: [Fix] Fix CVE-2025-48924 for commons-lang3 (#9935)

Reply via email to