SmartClient uses Apache Commons Lang. Current there is a security vulnerability in Apache Commons Lang. The fix is in the version of 3.18.0. Please see https://mvnrepository.com/artifact/c...g/commons-lang
https://mvnrepository.com/artifact/o...s-lang3/3.17.0
I checked SmartClient_v141p_2025-05-16_Enterprise.zip. It uses commons-lang3-3.11.jar and ommons-lang-2.6.jar. I have following questions.
1. Why two versions of Apache Common Lang are used?
2. Is SmartClient vulnerable to CVE-2025-48924?
3. Is there a plan to have a new release without the vulnerable jars?
https://mvnrepository.com/artifact/o...s-lang3/3.17.0
I checked SmartClient_v141p_2025-05-16_Enterprise.zip. It uses commons-lang3-3.11.jar and ommons-lang-2.6.jar. I have following questions.
1. Why two versions of Apache Common Lang are used?
2. Is SmartClient vulnerable to CVE-2025-48924?
3. Is there a plan to have a new release without the vulnerable jars?
Comment