[
https://issues.apache.org/jira/browse/CALCITE-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mihai Budiu resolved CALCITE-7097.
----------------------------------
Resolution: Fixed
Fixed in
https://github.com/apache/calcite/commit/b25fcd8016dbb25291cd79d0c0e2d71abb132ab6
Thank you for the contribution [~zrlpar]
Thank you for the review [~rubenql]
> Update commons-lang3 to 3.18.0 to address CVE-2025-48924
> --------------------------------------------------------
>
> Key: CALCITE-7097
> URL: https://issues.apache.org/jira/browse/CALCITE-7097
> Project: Calcite
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.40.0
> Reporter: Niels Pardon
> Assignee: Niels Pardon
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.41.0
>
>
> CVE-2025-48924 affects any versions of commons-lang before 3.18.0 including
> 2.x
> calcite-core currently directly uses both commons-lang 2.x and commons-lang3
> 3.13.0
> additionally calcite-core depends on net.hydromatic:aggdesigner-algorithm:6.0
> which pulls in commons-lang 2.x which has been changed to use commons-lang3
> but not released yet and not upgraded to 3.18.0
> https://github.com/julianhyde/aggdesigner/issues/3
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
