Skip to content

1.0.7 Fixes for vulnerability CVE-2025-48924

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 08 Aug 14:51
· 7 commits to main since this release
1.0.7
a2db058
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This release fixes the following vulnerability:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674

References

Security

  • #30: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Dependency Updates

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.5 to 7.1.7

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
  • Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3
  • Added org.sonatype.central:central-publishing-maven-plugin:0.7.0
  • Removed org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0
Assets 4
Loading