Uploaded image for project: 'JOC - JS7 Operations Center'
  1. JOC - JS7 Operations Center
  2. JOC-2086

Upgrade commons-lang3 to version 3.18.0 due to 3rd party vulnerability CVE-2025-48924

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 2.7.5, 2.8.0
    • 2.5.12, 2.7.6, 2.8.1
    • None
    • None
    • CVE-2025-48924

    Description

      Current Stuation

      Currently JS7 ships with commons-lang3 3.14.0 which is affected by CVE-2025-48924.

      We rate the impact to our software as low as we do not make use of the vulnerable ClassUtils.getClass(...) method.

      Desired Behavior

      JS7 should use commons-lang3 version 3.18.0 which solves the issue.

       

      Attachments

        Activity

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Gautam Vadera Gautam Vadera
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: