[Backport 2.19-dev][Maintenance] Fix CVE-2025-48924

RyanL1997 · RyanL1997 · commit 11ff38c223cb · 2025-10-29T19:29:36.000-07:00
Signed-off-by: Jialiang Liang &lt;jiallian@amazon.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -154,6 +154,9 @@ allprojects {
         resolutionStrategy.force 'commons-io:commons-io:2.15.0'
         resolutionStrategy.force 'org.yaml:snakeyaml:2.2'
         resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'
+        resolutionStrategy.dependencySubstitution {
+            substitute module('commons-lang:commons-lang') using module('org.apache.commons:commons-lang3:3.18.0') because 'CVE-2025-48924: commons-lang 2.x vulnerable to StackOverflowError'
+        }
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,9 @@ allprojects {`
`154`	`154`	`resolutionStrategy.force 'commons-io:commons-io:2.15.0'`
`155`	`155`	`resolutionStrategy.force 'org.yaml:snakeyaml:2.2'`
`156`	`156`	`resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'`
	`157`	`+ resolutionStrategy.dependencySubstitution {`
	`158`	`+ substitute module('commons-lang:commons-lang') using module('org.apache.commons:commons-lang3:3.18.0') because 'CVE-2025-48924: commons-lang 2.x vulnerable to StackOverflowError'`
	`159`	`+ }`
`157`	`160`	`}`
`158`	`161`	`}`
`159`	`162`