Skip to content

[release-23.0] Resolve commons-lang vulnerability in Java driver (#18768)#18797

Merged
systay merged 1 commit intorelease-23.0from
backport-18768-to-release-23.0
Oct 27, 2025
Merged

[release-23.0] Resolve commons-lang vulnerability in Java driver (#18768)#18797
systay merged 1 commit intorelease-23.0from
backport-18768-to-release-23.0

Conversation

@vitess-bot
Copy link
Contributor

@vitess-bot vitess-bot bot commented Oct 24, 2025

Description

This is a backport of #18768

@vitess-bot @vitess-bot
Resolve commons-lang vulnerability in Java driver (#18768)
0f64a8e 
Signed-off-by: Tim Vaillancourt <tim@timvaillancourt.com>
@vitess-bot vitess-bot bot added the Backport This is a backport label Oct 24, 2025
@vitess-bot vitess-bot bot requested a review from harshit-gangal as a code owner October 24, 2025 13:13
@vitess-bot vitess-bot bot added Component: Java Pull requests that update Java code Type: Dependencies Dependency updates Type: Security labels Oct 24, 2025
@vitess-bot vitess-bot bot requested a review from frouioui October 24, 2025 13:14
@vitess-bot
Copy link
Contributor Author

vitess-bot bot commented Oct 24, 2025

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

  • Ensure that the Pull Request has a descriptive title.
  • Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

  • Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

  • Apply the release notes (needs details) label if users need to know about this change.
  • New features should be documented.
  • There should be some code comments as to why things are implemented the way they are.
  • There should be a comment at the top of each new or modified test to explain what the test does.

New flags

  • Is this flag really necessary?
  • Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

  • Each item in Jobs should be named in order to mark it as required.
  • If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

  • Protobuf changes should be wire-compatible.
  • Changes to _vt tables and RPCs need to be backward compatible.
  • RPC changes should be compatible with vitess-operator
  • If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
  • vtctl command output order should be stable and awk-able.

@vitess-bot vitess-bot bot requested a review from timvaillancourt October 24, 2025 13:14
@github-actions github-actions bot added this to the v23.0.0 milestone Oct 24, 2025
@timvaillancourt timvaillancourt enabled auto-merge (squash) October 27, 2025 15:00
@systay systay merged commit 863fb11 into release-23.0 Oct 27, 2025
106 of 111 checks passed
@systay systay deleted the backport-18768-to-release-23.0 branch October 27, 2025 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timvaillancourt timvaillancourt timvaillancourt approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

@harshit-gangal harshit-gangal Awaiting requested review from harshit-gangal harshit-gangal is a code owner

@frouioui frouioui Awaiting requested review from frouioui

Assignees

No one assigned

Labels

Backport This is a backport Component: Java Pull requests that update Java code Type: Dependencies Dependency updates Type: Security

Projects

None yet

Milestone

v23.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@timvaillancourt @systay