Skip to content

Fix vulnerability issue in commons-lang3 to address CVE-2025-48924#25549

Merged
agrawalreetika merged 1 commit into
prestodb:masterfrom
ShahimSharafudeen:commons-lang3-cve-fix
Jul 24, 2025
Merged

Fix vulnerability issue in commons-lang3 to address CVE-2025-48924#25549
agrawalreetika merged 1 commit into
prestodb:masterfrom
ShahimSharafudeen:commons-lang3-cve-fix

Conversation

@ShahimSharafudeen

@ShahimSharafudeen ShahimSharafudeen commented Jul 16, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Upgrade commons-lang3 version at 3.18.0 across the codebase to address CVE-2025-48924

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==


Security Changes
* Upgrade commons-lang3 to 3.18.0 to address `CVE-2025-48924 <https://github.com/advisories/GHSA-j288-q9x7-2f5v>`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jul 16, 2025
@ShahimSharafudeen ShahimSharafudeen force-pushed the commons-lang3-cve-fix branch 2 times, most recently from bfed1e6 to 77e217c Compare July 17, 2025 06:48
@ShahimSharafudeen ShahimSharafudeen marked this pull request as ready for review July 17, 2025 11:51
@ShahimSharafudeen ShahimSharafudeen requested a review from a team as a code owner July 17, 2025 11:51
@prestodb-ci prestodb-ci requested review from a team, NivinCS and nishithakbhaskaran and removed request for a team July 17, 2025 11:51
nishithakbhaskaran
nishithakbhaskaran reviewed Jul 17, 2025
View reviewed changes

@nishithakbhaskaran nishithakbhaskaran left a comment
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version in the PR description and Release note is different from the actual one used. Please correct the description and the release note accordilngly.

@ShahimSharafudeen

ShahimSharafudeen commented Jul 17, 2025

Copy link
Copy Markdown
Contributor Author

The version in the PR description and Release note is different from the actual one used. Please correct the description and the release note accordilngly.

Done

agrawalreetika
agrawalreetika reviewed Jul 17, 2025
View reviewed changes

@agrawalreetika agrawalreetika left a comment
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I think we can update the commit message to something like -

Upgrade commons-lang3 to 3.18.0 to address CVE-2025-48924

nishithakbhaskaran
nishithakbhaskaran approved these changes Jul 17, 2025
View reviewed changes

@nishithakbhaskaran nishithakbhaskaran left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@ShahimSharafudeen

ShahimSharafudeen commented Jul 21, 2025
edited
Loading

Copy link
Copy Markdown
Contributor Author

LGTM, I think we can update the commit message to something like -

Upgrade commons-lang3 to 3.18.0 to address CVE-2025-48924

@agrawalreetika - Done.

@agrawalreetika agrawalreetika merged commit 795f6c4 into prestodb:master Jul 24, 2025
171 of 173 checks passed
This was referenced Jul 24, 2025
Merged
Merged
@prestodb-ci prestodb-ci mentioned this pull request Jul 28, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@agrawalreetika agrawalreetika agrawalreetika approved these changes

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@nishithakbhaskaran nishithakbhaskaran nishithakbhaskaran approved these changes

@NivinCS NivinCS NivinCS approved these changes

Assignees

No one assigned

Labels

from:IBM PR from IBM

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ShahimSharafudeen @agrawalreetika @tdcmeehan @nishithakbhaskaran @NivinCS @prestodb-ci