3.1.1 Fixes for vulnerabilities CVE-2025-48924 and CVE-2025-49146

@github-actions github-actions released this 26 Aug 12:24
c57c662

This release fixes the following vulnerabilities:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: commons-lang:commons-lang from 2.0 to 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674

CVE-2025-49146 (CWE-287) in dependency org.postgresql:postgresql:jar:42.7.6:compile

postgresql - Improper Authentication

CVE: CVE-2025-49146
CWE: CWE-287

Security

  • #86: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:test
  • #85: Fixed vulnerability CVE-2025-49146 in dependency org.postgresql:postgresql:jar:42.7.6:compile

Dependency Updates

Compile Dependency Updates

  • Updated org.postgresql:postgresql:42.7.6 to 42.7.7

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.5 to 7.1.7

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
  • Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3