[jira] [Created] (CALCITE-7097) Update commons-lang3 to 3.18.0 to address CVE-2025-48924

Niels Pardon (Jira) Wed, 16 Jul 2025 02:34:05 -0700

Niels Pardon created CALCITE-7097:
-------------------------------------

             Summary: Update commons-lang3 to 3.18.0 to address CVE-2025-48924
                 Key: CALCITE-7097
                 URL: https://issues.apache.org/jira/browse/CALCITE-7097
             Project: Calcite
          Issue Type: Improvement
          Components: core
    Affects Versions: 1.40.0
            Reporter: Niels Pardon
             Fix For: 1.41.0



CVE-2025-48924 affects any versions of commons-lang before 3.18.0 including 2.x

calcite-core currently directly uses both commons-lang 2.x and commons-lang3 
3.13.0

additionally calcite-core depends on net.hydromatic:aggdesigner-algorithm:6.0 
which pulls in commons-lang 2.x which has been changed to use commons-lang3 but 
not released yet and not upgraded to 3.18.0
https://github.com/julianhyde/aggdesigner/issues/3



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CALCITE-7097) Update commons-lang3 to 3.18.0 to address CVE-2025-48924

Reply via email to