
Code name: Fixes for vulnerability CVE-2025-48924


@pj-spoelders pj-spoelders released this 08 Aug 10:34
38e225d

Summary

This release fixes the following vulnerability:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.12.0:provided

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang from commons-lang:commons-lang 2.0 through 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0.

The ClassUtils.getClass(...) methods can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-48924 for details.

CVE: CVE-2025-48924
CWE: CWE-674
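To verify that a build no longer pulls an affected Commons Lang version, here is an added example (not code from this release or from the project): a POSIX shell check that scans `mvn dependency:tree` output against the affected ranges quoted above, run here on a constructed sample tree. The function names `version_cmp`, `commons_lang_affected` and `scan_tree` are my own, and the parser assumes the standard `group:artifact:type:version[:scope]` coordinate format that dependency:tree prints.

```shell
# Added example: flag Apache Commons Lang coordinates inside the ranges named in
# CVE-2025-48924 (commons-lang 2.0 to 2.6, commons-lang3 3.0 before 3.18.0).
# Real use: mvn dependency:tree | sh check_commons_lang.sh
# Compare two dotted version strings numerically; prints -1, 0 or 1.
version_cmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    pa="${a%%.*}"; pb="${b%%.*}"
    [ "$a" = "$pa" ] && a="" || a="${a#*.}"
    [ "$b" = "$pb" ] && b="" || b="${b#*.}"
    case "$pa" in ''|*[!0-9]*) pa=0 ;; esac   # missing or non-numeric part counts as 0
    case "$pb" in ''|*[!0-9]*) pb=0 ;; esac
    if [ "$pa" -lt "$pb" ]; then printf '%s\n' -1; return; fi
    if [ "$pa" -gt "$pb" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}
# Return 0 when group:artifact:version falls in an affected range, else 1.
commons_lang_affected() {
  v="${3%%-*}"   # drop a -qualifier such as -SNAPSHOT before comparing
  case "$1:$2" in
    commons-lang:commons-lang)
      if [ "$(version_cmp "$v" 2.0)" -ge 0 ] && [ "$(version_cmp "$v" 2.6)" -le 0 ]; then return 0; fi ;;
    org.apache.commons:commons-lang3)
      if [ "$(version_cmp "$v" 3.0)" -ge 0 ] && [ "$(version_cmp "$v" 3.18.0)" -lt 0 ]; then return 0; fi ;;
  esac
  return 1
}
# Read dependency:tree output on stdin, print every affected coordinate and
# return 1 if any was found (so the check can fail a CI step), 0 if clean.
scan_tree() {
  hits=0
  while IFS= read -r line; do
    coord=$(printf '%s\n' "$line" | grep -oE '(commons-lang:commons-lang|org\.apache\.commons:commons-lang3):[a-z-]+:[^: ]+') || continue
    oldifs=$IFS; IFS=:; set -- $coord; IFS=$oldifs   # $1 group, $2 artifact, $3 type, $4 version
    if commons_lang_affected "$1" "$2" "$4"; then
      printf 'AFFECTED by CVE-2025-48924: %s\n' "$coord"
      hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}
# Constructed sample of dependency:tree output, including the coordinate fixed in this release.
SAMPLE_TREE='[INFO] +- org.apache.commons:commons-lang3:jar:3.12.0:provided
[INFO] +- org.apache.commons:commons-text:jar:1.10.0:compile
[INFO] \- commons-lang:commons-lang:jar:2.6:compile'
printf '%s\n' "$SAMPLE_TREE" | scan_tree || echo "upgrade commons-lang3 to 3.18.0 or later"
```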

References

Security

  • #31: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.12.0:provided

Dependency Updates

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.5.0 to 5.2.3
  • Added io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1
  • Removed io.github.zlika:reproducible-build-maven-plugin:0.17
  • Added org.apache.maven.plugins:maven-artifact-plugin:3.6.0
  • Updated org.apache.maven.plugins:maven-clean-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.13.0 to 3.14.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.3 to 3.1.4
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.2 to 3.5.3
  • Updated org.apache.maven.plugins:maven-install-plugin:3.1.3 to 3.1.4
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.11.1 to 3.11.2
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.2 to 3.5.3
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.6.0 to 1.7.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.12 to 0.8.13
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389 to 5.1.0.4751
  • Added org.sonatype.central:central-publishing-maven-plugin:0.7.0
  • Removed org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0