KAFKA-19520 Bump Commons-Lang for CVE-2025-48924 (#20196)

Bump Commons-Lang for CVE-2025-48924.

Reviewers: Luke Chen <[email protected]>, Federico Valeri <[email protected]>

Author: wernerdv

LICENSE-binary

@@ -209,7 +209,7 @@ License Version 2.0:
 - commons-beanutils-1.11.0
 - commons-collections-3.2.2
 - commons-digester-2.1
-- commons-lang3-3.12.0
+- commons-lang3-3.18.0
 - commons-logging-1.3.5
 - commons-validator-1.9.0
 - jackson-annotations-2.16.2

build.gradle

@@ -199,7 +199,8 @@ allprojects {
           libs.scalaReflect,
           // Workaround before `commons-validator` has new release. See KAFKA-19359.
           libs.commonsBeanutils,
-          libs.jacksonAnnotations
+          libs.jacksonAnnotations,
+          libs.commonsLang
         )
       }
     }

gradle/dependencies.gradle

@@ -61,6 +61,7 @@ versions += [
   bndlib: "7.0.0",
   checkstyle: project.hasProperty('checkstyleVersion') ? checkstyleVersion : "10.20.2",
   commonsBeanutils: "1.11.0",
+  commonsLang: "3.18.0",
   commonsValidator: "1.9.0",
   classgraph: "4.8.173",
   gradle: "8.10.2",
@@ -150,6 +151,7 @@ libs += [
   caffeine: "com.github.ben-manes.caffeine:caffeine:$versions.caffeine",
   classgraph: "io.github.classgraph:classgraph:$versions.classgraph",
   commonsBeanutils: "commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
+  commonsLang: "org.apache.commons:commons-lang3:$versions.commonsLang",
   commonsValidator: "commons-validator:commons-validator:$versions.commonsValidator",
   jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
   jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson",