KAFKA-19520 Bump Commons-Lang for CVE-2025-48924 (#20196)

Bump Commons-Lang for CVE-2025-48924. Reviewers: Luke Chen <showuon@gmail.com>, Federico Valeri <fedevaleri@gmail.com>
2025-07-19 12:05:50 +05:00 · 2025-07-19 12:05:50 +05:00 · 12e695e298
parent 70c51641fb
commit 12e695e298
3 changed files with 5 additions and 2 deletions
--- a/2
+++ b/2
@ -209,7 +209,7 @@ License Version 2.0:
 - commons-beanutils-1.11.0
 - commons-collections-3.2.2
 - commons-digester-2.1
- commons-lang3-3.12.0
+- commons-lang3-3.18.0
 - commons-logging-1.3.5
 - commons-validator-1.9.0
 - jackson-annotations-2.16.2
--- a/build.gradle
+++ b/build.gradle
@ -199,7 +199,8 @@ allprojects {
          libs.scalaReflect,
          // Workaround before `commons-validator` has new release. See KAFKA-19359.
          libs.commonsBeanutils,
-          libs.jacksonAnnotations
+          libs.jacksonAnnotations,
+          libs.commonsLang
        )
      }
    }
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@ -61,6 +61,7 @@ versions += [
  bndlib: "7.0.0",
  checkstyle: project.hasProperty('checkstyleVersion') ? checkstyleVersion : "10.20.2",
  commonsBeanutils: "1.11.0",
+  commonsLang: "3.18.0",
  commonsValidator: "1.9.0",
  classgraph: "4.8.173",
  gradle: "8.10.2",
@ -150,6 +151,7 @@ libs += [
  caffeine: "com.github.ben-manes.caffeine:caffeine:$versions.caffeine",
  classgraph: "io.github.classgraph:classgraph:$versions.classgraph",
  commonsBeanutils: "commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
+  commonsLang: "org.apache.commons:commons-lang3:$versions.commonsLang",
  commonsValidator: "commons-validator:commons-validator:$versions.commonsValidator",
  jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
  jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson",