Upgrade to Apache Commons Lang 3.18.0 [CVE-2025-48924]
Commons Lang 2 has been unmaintained since Jan 16, 2011
and is affected by [CVE-2025-48924].
Change-Id: I72389621d2987fbcc15a381dc821ef22c1698d78
diff --git a/pom.xml b/pom.xml
index d651bbe..402e3a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -576,11 +576,12 @@
<artifactId>joda-time</artifactId>
<version>2.12.6</version>
</dependency>
- <dependency>
- <groupId>commons-lang</groupId>
- <artifactId>commons-lang</artifactId>
- <version>2.6</version>
- </dependency>
+ <!-- Apache Commons Lang 3 (maintained) -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.18.0</version>
+ </dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
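Review bot: Swapping the declared dependency does not by itself remove the `commons-lang:commons-lang` 2.x jar from the classpath, because another dependency may still pull it in transitively; this hunk only shows the direct declaration. Check with `mvn dependency:tree -Dincludes=commons-lang:commons-lang` and, if it turns up, add an `<exclusions>` entry on the offending dependency or a maven-enforcer `bannedDependencies` rule so it cannot return. The commit also moves `WordUtils` and `StringEscapeUtils` to `org.apache.commons.text`, but no `commons-text` declaration is visible in this hunk. If it is not declared elsewhere in the pom, declare it explicitly with a pinned version rather than relying on a transitive copy.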
diff --git a/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java b/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index cfa2157..95e3071 100644
--- a/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
+++ b/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -214,8 +214,8 @@
jlog.debug("{}: connect: successfull.", ldapConfig.useSSL ? "LDAPS" : "LDAP");
}
catch (LDAPException e) {
- String fullStackTrace = org.apache.commons.lang.exception.ExceptionUtils
- .getFullStackTrace(e);
+ String fullStackTrace = org.apache.commons.lang3.exception.ExceptionUtils
+ .getStackTrace(e);
jlog.error("Connecting to LDAP Server: failed: '{}'!\n", fullStackTrace);
ldapTerminate(lc);
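Review bot: The stack trace is still rendered to a string and spliced into the message in the `catch (LDAPException e)` block, which produces a multi-line log entry inside a single `'{}'` parameter and keeps a fully-qualified `ExceptionUtils` call just for logging. If `jlog` is the Log4j 2 logger imported elsewhere in this commit, passing the throwable directly does the same job without the library call: `jlog.error("Connecting to LDAP Server: failed!", e);`. LDAP exception text can carry server diagnostic messages and DNs, so it is worth confirming that the error log is access-restricted either way. The enclosing method starts and ends outside this hunk.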
diff --git a/src/main/java/de/ids_mannheim/korap/constant/AuthenticationScheme.java b/src/main/java/de/ids_mannheim/korap/constant/AuthenticationScheme.java
index e3068f7..8d1306b 100644
--- a/src/main/java/de/ids_mannheim/korap/constant/AuthenticationScheme.java
+++ b/src/main/java/de/ids_mannheim/korap/constant/AuthenticationScheme.java
@@ -1,6 +1,6 @@
package de.ids_mannheim.korap.constant;
-import org.apache.commons.lang.WordUtils;
+import org.apache.commons.text.WordUtils;
/**
* Lists possible authentication schemes used in the Authorization
diff --git a/src/main/java/de/ids_mannheim/korap/constant/QueryType.java b/src/main/java/de/ids_mannheim/korap/constant/QueryType.java
index 5251bde..4967905 100644
--- a/src/main/java/de/ids_mannheim/korap/constant/QueryType.java
+++ b/src/main/java/de/ids_mannheim/korap/constant/QueryType.java
@@ -1,6 +1,6 @@
package de.ids_mannheim.korap.constant;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
public enum QueryType {
diff --git a/src/main/java/de/ids_mannheim/korap/constant/TokenType.java b/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
index d238ac2..bc9205c 100644
--- a/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
+++ b/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
@@ -1,6 +1,6 @@
package de.ids_mannheim.korap.constant;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import de.ids_mannheim.korap.security.context.TokenContext;
@@ -23,4 +23,4 @@
public String displayName () {
return StringUtils.capitalize(name().toLowerCase());
}
-}
\ No newline at end of file
+}
diff --git a/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java b/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
index 610f69c..1ac773b 100644
--- a/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
+++ b/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
@@ -7,7 +7,7 @@
import org.apache.commons.codec.EncoderException;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang3.RandomStringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mindrot.jbcrypt.BCrypt;
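Review bot: The `RandomStringUtils` call sites are outside this hunk, so the import swap alone does not show whether the generated strings are security-relevant; in a class in the `encryption` package that is worth checking as part of this upgrade. In Commons Lang 3.18.0 the static `RandomStringUtils.random*` methods are deprecated in favour of the instance API, where the source of randomness is explicit: `RandomStringUtils.secure().nextAlphanumeric(n)` (or `secureStrong()`), versus `insecure()` for non-secret values. Lang 2.6 drew from a plain `java.util.Random`, so any token, salt or secret that was produced through this class before the change should be treated as output of a predictable generator. I would switch the call sites to `secure()` in this commit rather than leave the deprecation warnings in place.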
diff --git a/src/main/java/de/ids_mannheim/korap/encryption/RandomCodeGenerator.java b/src/main/java/de/ids_mannheim/korap/encryption/RandomCodeGenerator.java
index e6ff6e0..ba1abbe 100644
--- a/src/main/java/de/ids_mannheim/korap/encryption/RandomCodeGenerator.java
+++ b/src/main/java/de/ids_mannheim/korap/encryption/RandomCodeGenerator.java
@@ -10,7 +10,7 @@
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
diff --git a/src/main/java/de/ids_mannheim/korap/utils/StringUtils.java b/src/main/java/de/ids_mannheim/korap/utils/StringUtils.java
index dd6259a..2272059 100644
--- a/src/main/java/de/ids_mannheim/korap/utils/StringUtils.java
+++ b/src/main/java/de/ids_mannheim/korap/utils/StringUtils.java
@@ -1,6 +1,6 @@
package de.ids_mannheim.korap.utils;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -119,11 +119,11 @@
}
public static String normalizeHTML (String value) {
- return StringEscapeUtils.escapeHtml(value);
+ return StringEscapeUtils.escapeHtml4(value);
}
public static String decodeHTML (String value) {
- return StringEscapeUtils.unescapeHtml(value);
+ return StringEscapeUtils.unescapeHtml4(value);
}
public static String getDocSigle (String textSigle) {
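Review bot: `normalizeHTML` and `decodeHTML` carry no documentation of which output contexts they are safe for, and the rename to `escapeHtml4`/`unescapeHtml4` is a good moment to add it. `escapeHtml4` encodes `<`, `>`, `&`, `"` and the HTML 4 named entities but leaves the apostrophe untouched, so its result is suitable for element content and double-quoted attributes only, not for single-quoted attributes, JavaScript or URLs. Proposed Javadoc on `normalizeHTML`: `/** HTML 4 entity-escapes value for element content or double-quoted attributes; does not escape ' and returns null for null input. */`, and on `decodeHTML` a line stating that the result is raw markup and must be escaped again before it is rendered. `getDocSigle` begins on the last line of the hunk and its body lies outside it.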