[ https://issues.apache.org/jira/browse/TOMAHAWK-1691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18011155#comment-18011155 ]
Thomas Andraschko commented on TOMAHAWK-1691:
---------------------------------------------
JFYI:
Tomahawk has been in maintenance mode for many years, so don't expect any fixes or
commits.
I suggest migrating to PrimeFaces.
> Fix CVE-2025-48924 by updating to commons-lang3:3.18.0
> ------------------------------------------------------
>
> Key: TOMAHAWK-1691
> URL: https://issues.apache.org/jira/browse/TOMAHAWK-1691
> Project: MyFaces Tomahawk
> Issue Type: Bug
> Affects Versions: 1.1.1, 1.1.2, 1.1.3, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9,
> 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15-SNAPSHOT
> Reporter: Nikolai Novik
> Priority: Major
>
> [CVE-2025-48924|https://nvd.nist.gov/vuln/detail/CVE-2025-48924] was revealed
> in {{commons-lang:2.4}}, which is currently on the list of [dependencies
> for MyFaces Tomahawk|https://svn-eu.apache.org/repos/asf/myfaces/site/publish/tomahawk-project/tomahawk/dependencies.html]
> library.
> As there is no available fix in {{commons-lang:2.x}}, Tomahawk should be
> switched to {{commons-lang3:3.18.0}}.