reiabreu opened a new issue, #8425: URL: https://github.com/apache/storm/issues/8425
https://lists.apache.org/thread/x6n655on8fl40jtm4j4gqny1qjcgnflp

> Hello Team,
>
> As you are aware, Apache Storm currently depends on commons-lang 2.6 and
> this version is affected by CVE-2025-48924
> <https://nvd.nist.gov/vuln/detail/CVE-2025-48924> - an Uncontrolled
> Recursion vulnerability. The commons-lang 2.x is end-of-life with no active
> maintenance.
>
> As Storm already started using commons-lang 3.x from 2.6.0
> <https://issues.apache.org/jira/browse/STORM-3972>, do we have plans to
> migrate commons-lang from 2.x to 3.x? Which means, migrate all the internal
> code references from org.apache.commons.lang* to
> org.apache.commons.lang3.*, make the API level changes and fully remove the
> commons-lang 2.6 dependency from all build files once migration is complete.
>
> This migration will resolve the known vulnerability, align Storm with an
> actively maintained library & reduce exposure to any future vulnerabilities.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
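An added example, not part of the original message or of Storm's own code: a Python check for the migration state described above, flagging source lines that still reference `org.apache.commons.lang.*` (without matching `lang3`) and `pom.xml` files that still declare the 2.x artifact. The function names and both sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# "lang." with a literal dot: matches org.apache.commons.lang.* (2.x, including
# sub-packages such as lang.builder) but never org.apache.commons.lang3.*
LANG2_REF = re.compile(r"\borg\.apache\.commons\.lang\.")

def find_lang2_refs(java_source):
    """Return (line_no, text) for each line that still references commons-lang 2.x."""
    hits = []
    for no, line in enumerate(java_source.splitlines(), 1):
        code = line.split("//", 1)[0]  # simplification: ignore // comments only
        if LANG2_REF.search(code):
            hits.append((no, line.strip()))
    return hits

def _local(tag):
    """Strip the Maven XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def find_lang2_deps(pom_xml):
    """Return (groupId, artifactId, version) for declared commons-lang 2.x dependencies."""
    deps = []
    for el in ET.fromstring(pom_xml).iter():
        if _local(el.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in el}
        # 2.x coordinates are commons-lang:commons-lang; 3.x is org.apache.commons:commons-lang3
        if (f.get("groupId"), f.get("artifactId")) == ("commons-lang", "commons-lang"):
            deps.append((f["groupId"], f["artifactId"], f.get("version", "")))
    return deps

# Constructed sample inputs, not taken from the Storm code base.
SAMPLE_JAVA = """\
package org.example.demo;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.commons.lang3.Validate;
// import org.apache.commons.lang.NotImplementedException;
class Demo { String s = org.apache.commons.lang.StringEscapeUtils.escapeJava("x"); }
"""
SAMPLE_POM = """\
<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>commons-lang</groupId><artifactId>commons-lang</artifactId><version>2.6</version></dependency>
  <dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.x</version></dependency>
</dependencies></project>
"""

if __name__ == "__main__":
    for no, text in find_lang2_refs(SAMPLE_JAVA):
        print(f"java:{no}: {text}")
    print("pom:", find_lang2_deps(SAMPLE_POM))
```

The pom check only sees dependencies declared in the file it is given; commons-lang 2.x pulled in transitively by another library has to be found in the resolved dependency tree.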
