asopapiyush opened a new pull request, #6878: URL: https://github.com/apache/hop/pull/6878
Our project currently uses Apache Commons Lang 2.x, which has an active CVE reported against the ClassUtils.getClass() API. This vulnerability exposes the project to potential security risks related to uncontrolled or unsafe class loading. To ensure the security posture of the application, we aim to upgrade to Apache Commons Lang 3.x, where these issues have been addressed.

However, this migration is not straightforward, as Commons Lang 3 introduces major breaking changes, including package restructures (org.apache.commons.lang → org.apache.commons.lang3), method deprecations, behavioral changes, and API incompatibility. This task involves refactoring the codebase to support Commons Lang 3.x while ensuring functional parity.

------------------------

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

- [ ] Run `mvn clean install apache-rat:check` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
- [ ] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using `git rebase -i`.
- [ ] Mention the appropriate issue in your description (for example: `addresses #123`), if applicable.

To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box.

- [ ] I hereby declare this contribution to be licensed under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
- [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
