Updated commons-lang3 to address CVE (#297)

DovOps · web-flow · commit 7ca85cc4071c · 2025-07-21T17:11:43.000+03:00
diff --git a/account-service/build.gradle b/account-service/build.gradle
@@ -32,6 +32,9 @@ dependencies {
     }
     implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility
 
+    // Override commons-lang3 to fix CVE-2025-48924
+    implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
 
diff --git a/position-service/build.gradle b/position-service/build.gradle
@@ -30,6 +30,9 @@ dependencies {
     }
     implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility
 
+    // Override commons-lang3 to fix CVE-2025-48924
+    implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
 
diff --git a/trade-processor/build.gradle b/trade-processor/build.gradle
@@ -42,6 +42,9 @@ dependencies {
     }
     implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility
 
+    // Override commons-lang3 to fix CVE-2025-48924
+    implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
 
diff --git a/trade-service/build.gradle b/trade-service/build.gradle
@@ -47,6 +47,9 @@ dependencies {
     // Override okhttp and okio versions to address vulnerabilities
     implementation 'com.squareup.okhttp3:okhttp:4.12.0' // Suggested version
 
+    // Override commons-lang3 to fix CVE-2025-48924
+    implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
 

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,9 @@ dependencies {`
`32`	`32`	`}`
`33`	`33`	`implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility`
`34`	`34`
	`35`	`+ // Override commons-lang3 to fix CVE-2025-48924`
	`36`	`+ implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924`
	`37`	`+`
`35`	`38`	`testImplementation 'org.springframework.boot:spring-boot-starter-test'`
`36`	`39`	`}`
`37`	`40`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,9 @@ dependencies {`
`30`	`30`	`}`
`31`	`31`	`implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility`
`32`	`32`
	`33`	`+ // Override commons-lang3 to fix CVE-2025-48924`
	`34`	`+ implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924`
	`35`	`+`
`33`	`36`	`testImplementation 'org.springframework.boot:spring-boot-starter-test'`
`34`	`37`	`}`
`35`	`38`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,9 @@ dependencies {`
`42`	`42`	`}`
`43`	`43`	`implementation 'ch.qos.logback:logback-classic:1.5.18' // Ensure compatibility`
`44`	`44`
	`45`	`+ // Override commons-lang3 to fix CVE-2025-48924`
	`46`	`+ implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924`
	`47`	`+`
`45`	`48`	`testImplementation 'org.springframework.boot:spring-boot-starter-test'`
`46`	`49`	`}`
`47`	`50`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,9 @@ dependencies {`
`47`	`47`	`// Override okhttp and okio versions to address vulnerabilities`
`48`	`48`	`implementation 'com.squareup.okhttp3:okhttp:4.12.0' // Suggested version`
`49`	`49`
	`50`	`+ // Override commons-lang3 to fix CVE-2025-48924`
	`51`	`+ implementation 'org.apache.commons:commons-lang3:3.18.0' // Latest version to fix CVE-2025-48924`
	`52`	`+`
`50`	`53`	`testImplementation 'org.springframework.boot:spring-boot-starter-test'`
`51`	`54`	`}`
`52`	`55`