vishnu k r created RANGER-5391:
----------------------------------
Summary: Migrate from commons-lang 2.6 to commons-lang3 3.19.0 to fix CVE-2025-48924
Key: RANGER-5391
URL: https://issues.apache.org/jira/browse/RANGER-5391
Project: Ranger
Issue Type: Bug
Components: admin, plugins, Ranger
Affects Versions: 2.7.0
Reporter: vishnu k r
Fix For: 3.0.0
This issue tracks the migration of Apache Ranger from Apache Commons Lang 2.6 to Commons Lang 3.19.0 to address CVE-2025-48924.
The existing dependency `commons-lang:2.6` is affected by CVE-2025-48924, which exposes potential input handling vulnerabilities. The newer `commons-lang3` library (package `org.apache.commons.lang3`) is a fully maintained and secure replacement.
**Proposed Changes:**
- Remove dependency on `commons-lang:2.6`
- Add dependency on `commons-lang3:3.19.0`
- Update all imports from `org.apache.commons.lang.*` to `org.apache.commons.lang3.*`
- Adjust code where API differences exist
- Validate build and test compatibility
**Impact:**
- Fixes CVE-2025-48924
- Removes usage of deprecated and insecure dependency
- No functional impact to Ranger features
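One way to check that the proposed changes are complete, as an added example that is not part of the issue or of Ranger's code base: a scanner that reports any remaining `org.apache.commons.lang.*` reference in Java sources and any directly declared legacy dependency in a `pom.xml`. The function names and the sample module are constructed for illustration; the legacy Maven coordinates are assumed to be groupId `commons-lang`, artifactId `commons-lang`.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# "lang." never matches "lang3.", so only the legacy package is flagged.
LEGACY_PKG = re.compile(r"\borg\.apache\.commons\.lang\.")
# Assumed Maven (groupId, artifactId) of the legacy 2.x artifact.
LEGACY_GA = ("commons-lang", "commons-lang")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the POM XML namespace prefix

def scan_java(path):
    """Return (file name, line number, text) for each legacy package reference."""
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    return [(path.name, n, l.strip()) for n, l in enumerate(lines, 1) if LEGACY_PKG.search(l)]

def scan_pom(path):
    """Return (file name, version) for each directly declared legacy dependency."""
    hits = []
    for dep in ET.parse(path).getroot().iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) == LEGACY_GA:
            hits.append((path.name, f.get("version", "(managed)")))
    return hits

def scan_tree(root):
    root = Path(root)
    java = [h for p in sorted(root.rglob("*.java")) for h in scan_java(p)]
    poms = [h for p in sorted(root.rglob("pom.xml")) for h in scan_pom(p)]
    return java, poms

def demo():
    """Constructed sample module: one unmigrated file, one migrated file, one pom."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Old.java").write_text("import org.apache.commons.lang.StringUtils;\nclass Old {}\n")
        Path(d, "New.java").write_text("import org.apache.commons.lang3.StringUtils;\nclass New {}\n")
        Path(d, "pom.xml").write_text(
            '<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>'
            "<dependency><groupId>commons-lang</groupId><artifactId>commons-lang</artifactId>"
            "<version>2.6</version></dependency>"
            "<dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId>"
            "<version>3.19.0</version></dependency></dependencies></project>")
        return scan_tree(d)

if __name__ == "__main__":
    java, poms = demo()
    for hit in java + poms:
        print("legacy commons-lang reference:", hit)
```

This only sees dependencies declared directly in a `pom.xml`; a copy pulled in transitively by another library has to be found with `mvn dependency:tree`.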