Jinwoo Hwang created GEODE-10549:
------------------------------------

             Summary: Upgrade commons-io from 2.15.1 to 2.18.0
                 Key: GEODE-10549
                 URL: https://issues.apache.org/jira/browse/GEODE-10549
             Project: Geode
          Issue Type: Improvement
            Reporter: Jinwoo Hwang


h1. Upgrade commons-io from 2.15.1 to 2.18.0

h2. Summary
Upgrade Apache Commons IO library from version 2.15.1 to 2.18.0 as part of 
dependency maintenance and to address critical bug fixes.

h2. Description
This upgrade is part of the GEODE-10543 dependency modernization effort, 
performed alongside the commons-lang3 upgrade to maintain library compatibility 
and consistency.

h3. Key Improvements in 2.18.0:
* *IO-856*: Fixed {{FileUtils.listFiles()}} throwing {{NoSuchFileException}}
* *IO-859*: Fixed {{FileUtils.forceDelete()}} on non-existent Windows files 
throwing {{IOException}} instead of {{FileNotFoundException}}
* *IO-863*: Fixed incompatible change to {{FileUtils.listFiles()}} regarding 
extensions
* *IO-860*: Added missing reserved file names in {{FileSystem.WINDOWS}} 
(superscript digits for COM and LPT)
* Enhanced {{ValidatingObjectInputStream}} with builder pattern for safe 
deserialization
* Improved {{RandomAccessFile}} support and stream handling

h3. Compatibility:
* Binary compatible: Yes
* Source compatible: Yes  
* Semantic compatible: Yes
* No breaking API changes
* All intermediate versions (2.16.0, 2.17.0, 2.18.0) maintain full backward 
compatibility

h3. Risk Assessment:
*Low risk* - This is a maintenance upgrade with no known security 
vulnerabilities in 2.15.1. The upgrade prevents potential file operation 
issues, particularly on Windows platforms, and aligns with modern Java best 
practices.

h2. Testing:
* Full test suite executed with Java 8
* All builds pass with quality checks (spotless, RAT, PMD, Javadoc)
* No test failures related to commons-io changes

h2. Files Modified:
* {{build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy}}
** Line 37: {{deps.put("commons-io.version", "2.18.0")}}

h2. Related:
* Part of GEODE-10543: Security and dependency upgrades
* Performed alongside commons-lang3 3.12.0 → 3.18.0 (CVE-2025-48924)



