Skip to content

MLE-23227 - Force v3.18 of commons-lang to fix CVE #203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 5, 2025
Merged

MLE-23227 - Force v3.18 of commons-lang to fix CVE #203

merged 1 commit into from
Aug 5, 2025

Conversation

@BillFarber
Copy link
Contributor

@BillFarber BillFarber commented Aug 4, 2025
edited
Loading

I ran the automated tests as well as the manual tests with the Docker containers running the Confluence environment.

@BillFarber BillFarber requested a review from rjrudin as a code owner August 4, 2025 23:58
Copilot AI reviewed Aug 4, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates a dependency to force the use of commons-lang version 3.18 to address a security vulnerability (CVE). However, the only visible change in the provided diff is a documentation update that corrects a database name reference in the CONTRIBUTING.md file.

  • Updates documentation to reference the correct database name (data-hub-FINAL instead of kafka-test-content)

CONTRIBUTING.md

You can then verify that data is being written to MarkLogic by using MarkLogic's qconsole application to inspect the
contents of the `kafka-test-content` database.
contents of the `data-hub-FINAL` database.
Copy link

Copilot AI Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title indicates this change is about forcing commons-lang v3.18 to fix a CVE, but the only visible change is a database name correction in documentation. This creates confusion about the actual purpose of the PR. Consider updating the PR title to reflect the documentation fix, or ensure the dependency changes are included in the diff.

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@rjrudin rjrudin Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this because we switched the test-app to be a DHF test app? If so, there are a few more references to "kafka-test-content" in the codebase to change.

@BillFarber BillFarber changed the title Force v3.18 of commons-lang to fix CVE MLE-23227 - Force v3.18 of commons-lang to fix CVE Aug 4, 2025
stevebio
stevebio approved these changes Aug 5, 2025
View reviewed changes
Copy link

@stevebio stevebio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks ok.

rjrudin
rjrudin approved these changes Aug 5, 2025
View reviewed changes
Copy link
Contributor

@rjrudin rjrudin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that there are a few dozen more issues reported by Black Duck. Can you open a ticket to address those as well? We'll need all of them addressed or to have an exception for them in order to get a release out with this fix.

CONTRIBUTING.md

You can then verify that data is being written to MarkLogic by using MarkLogic's qconsole application to inspect the
contents of the `kafka-test-content` database.
contents of the `data-hub-FINAL` database.
Copy link
Contributor

@rjrudin rjrudin Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this because we switched the test-app to be a DHF test app? If so, there are a few more references to "kafka-test-content" in the codebase to change.

@BillFarber
Force v3.18 of commons-lang to fix CVE
327f545 
Updates some old references to kafka-test-content.
@BillFarber BillFarber force-pushed the task/bumpCommonsLang branch from ef9420b to 327f545 Compare August 5, 2025 14:59
@BillFarber BillFarber merged commit 6f70d03 into marklogic:develop Aug 5, 2025
2 checks passed
@BillFarber BillFarber deleted the task/bumpCommonsLang branch August 5, 2025 17:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stevebio stevebio stevebio approved these changes

@rjrudin rjrudin rjrudin approved these changes

@anu3990 anu3990 Awaiting requested review from anu3990

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BillFarber @stevebio @rjrudin