Upgrade commons-io from 2.15.1 to 2.18.0 (#7943)

JinwooHwang · web-flow · commit c0e592aa2624 · 2025-10-24T12:59:33.000+02:00
This commit upgrades the Apache Commons IO library to version 2.18.0
to address potential security vulnerabilities and benefit from the
latest bug fixes and improvements.

Changes:
- Updated commons-io version in DependencyConstraints.groovy from 2.15.1 to 2.18.0
- Updated expected-pom.xml to reflect new commons-io version (2.18.0)
- Updated assembly_content.txt with new commons-io JAR reference
- Updated gfsh_dependency_classpath.txt with new commons-io version
- Updated dependency_classpath.txt in geode-server-all with new version

Testing:
- All unit tests pass (./gradlew test)
- Build validation successful (./gradlew clean build -x test)
- All quality checks pass (./gradlew build install javadoc spotlessCheck rat checkPom resolveDependencies pmdMain -x test)

Version 2.18.0 includes important fixes and improvements over 2.15.1,
providing better stability and security for the Geode project.
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -160,7 +160,7 @@
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
-        <version>2.11.0</version>
+        <version>2.18.0</version>
       </dependency>
       <dependency>
         <groupId>commons-logging</groupId>
diff --git a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -33,7 +33,7 @@ class DependencyConstraints {
     // These version numbers are consumed by :geode-modules-assembly:distAppServer filtering
     // Some of these are referenced below as well
     deps.put("antlr.version", "2.7.7")
-    deps.put("commons-io.version", "2.15.1")
+    deps.put("commons-io.version", "2.18.0")
     deps.put("commons-lang3.version", "3.12.0")
     deps.put("commons-validator.version", "1.7")
     deps.put("fastutil.version", "8.5.8")
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -931,7 +931,7 @@ lib/commons-beanutils-1.11.0.jar
 lib/commons-codec-1.15.jar
 lib/commons-collections-3.2.2.jar
 lib/commons-digester-2.1.jar
-lib/commons-io-2.15.1.jar
+lib/commons-io-2.18.0.jar
 lib/commons-lang3-3.12.0.jar
 lib/commons-logging-1.3.5.jar
 lib/commons-modeler-2.0.1.jar
diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -53,7 +53,7 @@ shiro-config-ogdl-1.13.0.jar
 commons-codec-1.15.jar
 commons-collections-3.2.2.jar
 commons-digester-2.1.jar
-commons-io-2.15.1.jar
+commons-io-2.18.0.jar
 commons-logging-1.3.5.jar
 classgraph-4.8.147.jar
 micrometer-core-1.9.1.jar
diff --git a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -80,7 +80,7 @@ lucene-analyzers-phonetic-6.6.6.jar
 spring-context-5.3.21.jar
 jetty-security-9.4.57.v20241219.jar
 geode-logging-0.0.0.jar
-commons-io-2.15.1.jar
+commons-io-2.18.0.jar
 shiro-lang-1.13.0.jar
 javax.transaction-api-1.3.jar
 geode-common-0.0.0.jar
