
2.1.5 Fixes for vulnerabilities CVE-2025-22227 and CVE-2025-48924

@github-actions github-actions released this 01 Aug 11:08
7e60b12

This release fixes the following vulnerabilities:

CVE-2025-22227 (CWE-200) in dependency io.projectreactor.netty:reactor-netty-http:jar:1.0.48:compile

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

CVE: CVE-2025-22227
CWE: CWE-200


CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang from commons-lang:commons-lang 2.0 through 2.6, and from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674
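As an added example (not code from this release or from Commons Lang), a bounded wrapper for code that must resolve class names taken from untrusted input while the upgrade to 3.18.0 rolls out; the length bound and the class name are assumptions, and upgrading remains the actual fix:

```java
import java.util.Optional;
import org.apache.commons.lang3.ClassUtils;

/** Resolves class names from untrusted input without letting an oversized name reach the library. */
public final class BoundedClassResolver {

    // Assumed bound: legitimate JVM class names are far shorter than this.
    static final int MAX_NAME_LENGTH = 512;

    private BoundedClassResolver() {}

    /**
     * Returns the class for {@code className}, or empty when the name is missing,
     * too long, or unknown. The length check runs before ClassUtils.getClass so the
     * vulnerable versions never recurse over an attacker-sized input.
     */
    public static Optional<Class<?>> resolve(String className) {
        if (className == null || className.isEmpty() || className.length() > MAX_NAME_LENGTH) {
            return Optional.empty();
        }
        try {
            return Optional.of(ClassUtils.getClass(className));
        } catch (ClassNotFoundException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal name resolves, an oversized dotted name is rejected up front.
        System.out.println(resolve("java.util.ArrayList").isPresent());   // true
        System.out.println(resolve("a.".repeat(10_000) + "X").isPresent()); // false, rejected by length
    }
}
```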


Security

  • #80: Fixed vulnerability CVE-2025-22227 in dependency io.projectreactor.netty:reactor-netty-http:jar:1.0.48:compile
  • #79: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Dependency Updates

Test Dependency Updates

  • Updated com.exasol:udf-debugging-java:0.6.14 to 0.6.17

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
  • Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3