@merlimat
Contributor

Motivation

commons-lang is an unused dependency (already replaced with commons-lang3 in the codebase) that is still getting included as a dependency for BK.

There is a CVE open in commons-lang 2.6:

│ commons-lang:commons-lang                                   │ CVE-2025-48924 │ MEDIUM   │          │ 2.6               │                            │ commons-lang/commons-lang: org.apache.commons/commons-lang3: │
│ (commons-lang-commons-lang-2.6.jar)                         │                │          │          │                   │                            │ Uncontrolled Recursion vulnerability in Apache Commons Lang  │
│                                                             │                │          │          │                   │                            │ https://avd.aquasec.com/nvd/cve-2025-48924                   │

Changes

(Describe: what changes you have made)



@merlimat merlimat merged commit 2789316 into apache:master Aug 21, 2025
24 of 25 checks passed
merlimat added a commit that referenced this pull request Aug 21, 2025
* Remove unused commons-lang dependency

* Removed from license files
priyanshu-ctds pushed a commit to datastax/bookkeeper that referenced this pull request Aug 29, 2025
* Remove unused commons-lang dependency

* Removed from license files

(cherry picked from commit 58c5521)
srinath-ctds pushed a commit to datastax/bookkeeper that referenced this pull request Aug 29, 2025
* Remove unused commons-lang dependency

* Removed from license files

(cherry picked from commit 58c5521)