Aquileo | Recent changes to patcheshttps://sourceforge.net/p/yajsw/patches/2025-09-25T09:18:15.356000ZRecent changes to patchesAquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerability2025-09-25T09:18:15.356000Z2025-09-25T09:18:15.356000Zrzohttps://sourceforge.net/u/rzorzorzo/https://sourceforge.net9980dba793b02d6b48a3de9d5dc29b09e5d44ce9<div class="markdown_content"><p>thanks for pointing this out.<br/>
something went wrong during the packing of the zip file.</p>
<p>release 13.17</p></div>Aquileo | #39 Netty* v4.1.118 vulnerability2025-09-25T09:16:36.872000Z2025-09-25T09:16:36.872000Zrzohttps://sourceforge.net/u/rzorzorzo/https://sourceforge.netb32b87b3606cd11a796ff1fb96021b9606d66d81<div class="markdown_content"><ul>
<li><strong>status</strong>: open --> closed-fixed</li>
</ul></div>Aquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerability2025-09-23T19:22:55.601000Z2025-09-23T19:22:55.601000ZA Yarboroughhttps://sourceforge.net/u/ayarborough/https://sourceforge.net0e2c9cc2a06ee3b4ae3a3fb3077b58182f55863b<div class="markdown_content"><p>Hi rzo -</p>
<p>Thank you for patching for v13.x. I unzipped release v13.16 but these two libs are not patched still:</p>
<p>inflating: yajsw-stable-13.16/lib/core/commons/commons-lang-2.6.jar<br/>
inflating: yajsw-stable-13.16/lib/core/commons/commons-lang3-3.12.0.jar</p>
<p>Thank you agian. </p></div>Aquileo | #39 Netty* v4.1.118 vulnerability2025-09-23T09:30:04.036000Z2025-09-23T09:30:04.036000ZREVATHI Vhttps://sourceforge.net/u/revathiv/https://sourceforge.net8f8e2a9e6d8645c28a5bd0eade6927df096c2f22<div class="markdown_content"><p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-55163</a><br/>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58056</a><br/>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58057</a></p></div>Aquileo | Netty* v4.1.118 vulnerability2025-09-23T09:22:25.195000Z2025-09-23T09:22:25.195000ZREVATHI Vhttps://sourceforge.net/u/revathiv/https://sourceforge.neta842269a3baa6d162bc25d4eac141003671686e1<div class="markdown_content"><p>Details of the Issue<br/>
CVE ID: CVE-2025-58057, CVE-2025-58056 <br/>
Affected Yajsw Version:13.5<br/>
Vulnerable Dependency: netty* v4.1.118<br/>
Impact: <br/>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58056</a><br/>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58057</a></p></div>Aquileo | Netty* v4.1.118 vulnerability2025-09-23T09:22:25.195000Z2025-09-23T09:22:25.195000ZREVATHI Vhttps://sourceforge.net/u/revathiv/https://sourceforge.netfdb7d22cf3cdb15b8a1192be604829243ffbfa37<div class="markdown_content"><p>Ticket 39 has been modified: Netty* v4.1.118 vulnerability<br/>
Edited By: rzo (rzorzorzo)<br/>
Status updated: 'open' => 'closed-fixed'</p></div>Aquileo | #36 netty-common-4.1.114.Final vulnerability2025-09-19T07:04:28.381000Z2025-09-19T07:04:28.381000Zrzohttps://sourceforge.net/u/rzorzorzo/https://sourceforge.netedbd29e4ff59d539d994d1acfa1032c734569945<div class="markdown_content"><ul>
<li><strong>status</strong>: open-accepted --> closed-fixed</li>
</ul></div>Aquileo | #37 commons-vfs2-2.9.0.jar Vulnerabilities2025-09-19T07:03:37.725000Z2025-09-19T07:03:37.725000Zrzohttps://sourceforge.net/u/rzorzorzo/https://sourceforge.neta9d923d1b56757fd857683c671e3b7eb1894f9b0<div class="markdown_content"><ul>
<li><strong>status</strong>: open-accepted --> closed-fixed</li>
</ul></div>Aquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerability2025-09-19T07:01:51.822000Z2025-09-19T07:01:51.822000Zrzohttps://sourceforge.net/u/rzorzorzo/https://sourceforge.net913e46997035dfaf85817dc0b73f6753b84c06a8<div class="markdown_content"><ul>
<li><strong>status</strong>: open --> closed-fixed</li>
</ul></div>Aquileo | YAJSW v13.x: commons-lang3 & commons-lang vulnerability2025-08-26T17:57:04.098000Z2025-08-26T17:57:04.098000ZA Yarboroughhttps://sourceforge.net/u/ayarborough/https://sourceforge.nete8cbafca5c599c6529ce0da8fe0a84e4bfc27698<div class="markdown_content"><p>JRE8 continues to roll in patches so we haven't been able to move away from it.<br/>
Would you please continue to patch 3rd party libs used in yajsw v13.x?</p>
<p>CVE-2025-48924 have been issued for:<br/>
1. commons-lang3-3.12.0.jar vulnerability<br/>
2. commons-lang-2.6.jar vulnerability</p>
<p>Found with: yajsw v13.15 :<br/>
- yajsw\lib\core\commons\commons-lang3-3.12.0.jar<br/>
- yajsw\lib\core\commons\commons-lang-2.6.jar</p>
<p>Whitesource (Mend) Scan as of 8/26/2025:<br/>
<strong>CVE-2025-48924</strong> <br/>
CVSS 3 Score: 5.3 (Severity: Medium)<br/>
"Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue."</p></div>