An update for apache-commons-lang3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1929 Final 1.0 1.0 2025-08-01 Initial 2025-08-01 2025-08-01 openEuler SA Tool V1.0 2025-08-01 apache-commons-lang3 security update An update for apache-commons-lang3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. Lang provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection, concurrency, creation and serialization and System properties. Additionally it contains basic enhancements to java.util.Date and a series of utilities dedicated to help with building methods, such as hashCode, toString and equals. Note that Lang 3.0 (and subsequent versions) use a different package (org.apache.commons.lang3) than the previous versions (org.apache.commons.lang), allowing it to be used at the same time as an earlier version. Security Fix(es): A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.(CVE-2025-48924) An update for apache-commons-lang3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium apache-commons-lang3 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1929 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48924 https://nvd.nist.gov/vuln/detail/CVE-2025-48924 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 apache-commons-lang3-3.18.0-1.oe2003sp4.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2003sp4.noarch.rpm apache-commons-lang3-3.18.0-1.oe2203sp3.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2203sp3.noarch.rpm apache-commons-lang3-3.18.0-1.oe2203sp4.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2203sp4.noarch.rpm apache-commons-lang3-3.18.0-1.oe2403.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2403.noarch.rpm apache-commons-lang3-3.18.0-1.oe2403sp1.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2403sp1.noarch.rpm apache-commons-lang3-3.18.0-1.oe2403sp2.noarch.rpm apache-commons-lang3-help-3.18.0-1.oe2403sp2.noarch.rpm apache-commons-lang3-3.18.0-1.oe2003sp4.src.rpm apache-commons-lang3-3.18.0-1.oe2203sp3.src.rpm apache-commons-lang3-3.18.0-1.oe2203sp4.src.rpm apache-commons-lang3-3.18.0-1.oe2403.src.rpm apache-commons-lang3-3.18.0-1.oe2403sp1.src.rpm apache-commons-lang3-3.18.0-1.oe2403sp2.src.rpm A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability. 2025-08-01 CVE-2025-48924 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L apache-commons-lang3 security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1929