Skip to content

Fix vulnerability issue in commons-lang3 to address CVE-2025-48924 #25549

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 24, 2025
Merged

Fix vulnerability issue in commons-lang3 to address CVE-2025-48924 #25549

merged 1 commit into from
Jul 24, 2025

Conversation

ShahimSharafudeen
Copy link
Contributor

@ShahimSharafudeen ShahimSharafudeen commented Jul 16, 2025
edited
Loading

Description

Upgrade commons-lang3 version at 3.18.0 across the codebase to address CVE-2025-48924

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==


Security Changes
* Upgrade commons-lang3 to 3.18.0 to address `CVE-2025-48924 <https://github.com/advisories/GHSA-j288-q9x7-2f5v>`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jul 16, 2025
@ShahimSharafudeen ShahimSharafudeen force-pushed the commons-lang3-cve-fix branch 2 times, most recently from bfed1e6 to 77e217c Compare July 17, 2025 06:48
@ShahimSharafudeen ShahimSharafudeen marked this pull request as ready for review July 17, 2025 11:51
@ShahimSharafudeen ShahimSharafudeen requested a review from a team as a code owner July 17, 2025 11:51
@prestodb-ci prestodb-ci requested review from a team, nishithakbhaskaran and NivinCS and removed request for a team July 17, 2025 11:51
nishithakbhaskaran
nishithakbhaskaran reviewed Jul 17, 2025
View reviewed changes
Copy link
Contributor

@nishithakbhaskaran nishithakbhaskaran left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version in the PR description and Release note is different from the actual one used. Please correct the description and the release note accordilngly.

@ShahimSharafudeen
Copy link
Contributor Author

The version in the PR description and Release note is different from the actual one used. Please correct the description and the release note accordilngly.

Done

agrawalreetika
agrawalreetika reviewed Jul 17, 2025
View reviewed changes
Copy link
Member

@agrawalreetika agrawalreetika left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I think we can update the commit message to something like -

Upgrade commons-lang3 to 3.18.0 to address CVE-2025-48924

nishithakbhaskaran
nishithakbhaskaran approved these changes Jul 17, 2025
View reviewed changes
Copy link
Contributor

@nishithakbhaskaran nishithakbhaskaran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@ShahimSharafudeen
Copy link
Contributor Author

ShahimSharafudeen commented Jul 21, 2025
edited
Loading

LGTM, I think we can update the commit message to something like -

Upgrade commons-lang3 to 3.18.0 to address CVE-2025-48924

@agrawalreetika - Done.

@agrawalreetika agrawalreetika merged commit 795f6c4 into prestodb:master Jul 24, 2025
171 of 173 checks passed
@unidevel unidevel mentioned this pull request Jul 24, 2025
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agrawalreetika agrawalreetika agrawalreetika approved these changes

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@nishithakbhaskaran nishithakbhaskaran nishithakbhaskaran approved these changes

@NivinCS NivinCS NivinCS approved these changes

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ShahimSharafudeen @agrawalreetika @tdcmeehan @nishithakbhaskaran @NivinCS @prestodb-ci