Package: libcommons-lang3-java / 3.17.0-2

Metadata

Package Version Patches format
libcommons-lang3-java 3.17.0-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
disable_testGetUserHome_test.diff | (download)

src/test/java/org/apache/commons/lang3/SystemUtilsTest.java | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 
 disable systemutilstest#testgetuserhome as it depends on
 $HOME (which is not available on buildd).
ignore benchmarks.diff | (download)

pom.xml | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 
 ignore the jmh benchmarks
CVE 2025 48924.diff | (download)

src/main/java/org/apache/commons/lang3/ClassUtils.java | 34 16 + 18 - 0 !
src/test/java/org/apache/commons/lang3/ClassUtilsOssFuzzTest.java | 50 50 + 0 - 0 !
2 files changed, 66 insertions(+), 18 deletions(-)

 
 rewrite classutils.getclass() without recursion to avoid
 StackOverflowError on very long inputs.

- This was found fuzz testing Apache Commons Text which relies on
ClassUtils.
- OssFuzz Issue 42522972:
apache-commons-text:StringSubstitutorInterpolatorFuzzer: Security
exception in org.apache.commons.lang3.ClassUtils.getClass