[jira] [Assigned] (GEODE-10549) Upgrade commons-io from 2.15.1 to 2.18.0

Mon, 12 Jan 2026 06:00:06 -0800 


     [ 
https://issues.apache.org/jira/browse/GEODE-10549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinwoo Hwang reassigned GEODE-10549:
------------------------------------

    Assignee: Jinwoo Hwang

> Upgrade commons-io from 2.15.1 to 2.18.0
> ----------------------------------------
>
>                 Key: GEODE-10549
>                 URL: https://issues.apache.org/jira/browse/GEODE-10549
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Assignee: Jinwoo Hwang
>            Priority: Major
>
> h2. Summary
> Upgrade Apache Commons IO library from version 2.15.1 to 2.18.0 as part of 
> dependency maintenance and to address critical bug fixes.
> h2. Description
> This upgrade is part of the GEODE-10543 dependency modernization effort, 
> performed alongside the commons-lang3 upgrade to maintain library 
> compatibility and consistency.
> h3. Key Improvements in 2.18.0:
>  * {*}IO-856{*}: Fixed {{FileUtils.listFiles()}} throwing 
> {{NoSuchFileException}}
>  * {*}IO-859{*}: Fixed {{FileUtils.forceDelete()}} on non-existent Windows 
> files throwing {{IOException}} instead of {{FileNotFoundException}}
>  * {*}IO-863{*}: Fixed incompatible change to {{FileUtils.listFiles()}} 
> regarding extensions
>  * {*}IO-860{*}: Added missing reserved file names in {{FileSystem.WINDOWS}} 
> (superscript digits for COM and LPT)
>  * Enhanced {{ValidatingObjectInputStream}} with builder pattern for safe 
> deserialization
>  * Improved {{RandomAccessFile}} support and stream handling
> h3. Compatibility:
>  * Binary compatible: Yes
>  * Source compatible: Yes
>  * Semantic compatible: Yes
>  * No breaking API changes
>  * All intermediate versions (2.16.0, 2.17.0, 2.18.0) maintain full backward 
> compatibility
> h3. Risk Assessment:
> *Low risk* - This is a maintenance upgrade with no known security 
> vulnerabilities in 2.15.1. The upgrade prevents potential file operation 
> issues, particularly on Windows platforms, and aligns with modern Java best 
> practices.
> h2. Testing:
>  * Full test suite executed with Java 8
>  * All builds pass with quality checks (spotless, RAT, PMD, Javadoc)
>  * No test failures related to commons-io changes
> h2. Files Modified:
>  * 
> {{build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy}}
>  ** Line 37: {{deps.put("commons-io.version", "2.18.0")}}
> h2. Related:
>  * Part of GEODE-10543: Security and dependency upgrades
>  * Performed alongside commons-lang3 3.12.0 → 3.18.0 (CVE-2025-48924)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to