Package: libcommons-lang-java / 2.6-11

Metadata

Package Version Patches format
libcommons-lang-java 2.6-11 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 source encoding.patch | (download)

build.xml | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 
 set the source encoding to fix the build failure with recent jdks
02 java17 compatibility.patch | (download)

src/main/java/org/apache/commons/lang/math/JVMRandom.java | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 fixes the compatibility with java 17
03 CVE 2025 48924.patch | (download)

src/main/java/org/apache/commons/lang/ClassUtils.java | 46 22 + 24 - 0 !
src/test/java/org/apache/commons/lang/ClassUtilsOssFuzzTest.java | 64 64 + 0 - 0 !
2 files changed, 86 insertions(+), 24 deletions(-)

 
 [patch] rewrite classutils.getclass() without recursion to avoid
 StackOverflowError on very long inputs.

- This was found fuzz testing Apache Commons Text which relies on
ClassUtils.
- OssFuzz Issue 42522972:
apache-commons-text:StringSubstitutorInterpolatorFuzzer: Security
exception in org.apache.commons.lang3.ClassUtils.getClass