Aquileo | Recent changes to patcheshttps://sourceforge.net/p/yajsw/patches/Recent changes to patchesenThu, 25 Sep 2025 09:18:15 -0000Aquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerabilityhttps://sourceforge.net/p/yajsw/patches/38/?limit=25#bc75<div class="markdown_content"><p>thanks for pointing this out.<br/> something went wrong during the packing of the zip file.</p> <p>release 13.17</p></div>rzoThu, 25 Sep 2025 09:18:15 -0000https://sourceforge.net9980dba793b02d6b48a3de9d5dc29b09e5d44ce9Aquileo | #39 Netty* v4.1.118 vulnerabilityhttps://sourceforge.net/p/yajsw/patches/39/?limit=25#2f95<div class="markdown_content"><ul> <li><strong>status</strong>: open --&gt; closed-fixed</li> </ul></div>rzoThu, 25 Sep 2025 09:16:36 -0000https://sourceforge.netb32b87b3606cd11a796ff1fb96021b9606d66d81Aquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerabilityhttps://sourceforge.net/p/yajsw/patches/38/?limit=25#b58e<div class="markdown_content"><p>Hi rzo -</p> <p>Thank you for patching for v13.x. I unzipped release v13.16 but these two libs are not patched still:</p> <p>inflating: yajsw-stable-13.16/lib/core/commons/commons-lang-2.6.jar<br/> inflating: yajsw-stable-13.16/lib/core/commons/commons-lang3-3.12.0.jar</p> <p>Thank you agian. </p></div>A YarboroughTue, 23 Sep 2025 19:22:55 -0000https://sourceforge.net0e2c9cc2a06ee3b4ae3a3fb3077b58182f55863bAquileo | #39 Netty* v4.1.118 vulnerabilityhttps://sourceforge.net/p/yajsw/patches/39/?limit=25#d976<div class="markdown_content"><p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-55163</a><br/> <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58056</a><br/> <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58057</a></p></div>REVATHI VTue, 23 Sep 2025 09:30:04 -0000https://sourceforge.net8f8e2a9e6d8645c28a5bd0eade6927df096c2f22Aquileo | Netty* v4.1.118 vulnerabilityhttps://sourceforge.net/p/yajsw/patches/39/<div class="markdown_content"><p>Details of the Issue<br/> CVE ID: CVE-2025-58057, CVE-2025-58056 <br/> Affected Yajsw Version:13.5<br/> Vulnerable Dependency: netty* v4.1.118<br/> Impact: <br/> <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58056</a><br/> <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2025-58057</a></p></div>REVATHI VTue, 23 Sep 2025 09:22:25 -0000https://sourceforge.neta842269a3baa6d162bc25d4eac141003671686e1Aquileo | Netty* v4.1.118 vulnerabilityhttps://sourceforge.net/p/yajsw/patches/39/<div class="markdown_content"><p>Ticket 39 has been modified: Netty* v4.1.118 vulnerability<br/> Edited By: rzo (rzorzorzo)<br/> Status updated: 'open' =&gt; 'closed-fixed'</p></div>REVATHI VTue, 23 Sep 2025 09:22:25 -0000https://sourceforge.netfdb7d22cf3cdb15b8a1192be604829243ffbfa37Aquileo | #36 netty-common-4.1.114.Final vulnerabilityhttps://sourceforge.net/p/yajsw/patches/36/?limit=25#b139<div class="markdown_content"><ul> <li><strong>status</strong>: open-accepted --&gt; closed-fixed</li> </ul></div>rzoFri, 19 Sep 2025 07:04:28 -0000https://sourceforge.netedbd29e4ff59d539d994d1acfa1032c734569945Aquileo | #37 commons-vfs2-2.9.0.jar Vulnerabilitieshttps://sourceforge.net/p/yajsw/patches/37/?limit=25#ba1c<div class="markdown_content"><ul> <li><strong>status</strong>: open-accepted --&gt; closed-fixed</li> </ul></div>rzoFri, 19 Sep 2025 07:03:37 -0000https://sourceforge.neta9d923d1b56757fd857683c671e3b7eb1894f9b0Aquileo | #38 YAJSW v13.x: commons-lang3 & commons-lang vulnerabilityhttps://sourceforge.net/p/yajsw/patches/38/?limit=25#6d2b<div class="markdown_content"><ul> <li><strong>status</strong>: open --&gt; closed-fixed</li> </ul></div>rzoFri, 19 Sep 2025 07:01:51 -0000https://sourceforge.net913e46997035dfaf85817dc0b73f6753b84c06a8Aquileo | YAJSW v13.x: commons-lang3 & commons-lang vulnerabilityhttps://sourceforge.net/p/yajsw/patches/38/<div class="markdown_content"><p>JRE8 continues to roll in patches so we haven't been able to move away from it.<br/> Would you please continue to patch 3rd party libs used in yajsw v13.x?</p> <p>CVE-2025-48924 have been issued for:<br/> 1. commons-lang3-3.12.0.jar vulnerability<br/> 2. commons-lang-2.6.jar vulnerability</p> <p>Found with: yajsw v13.15 :<br/> - yajsw\lib\core\commons\commons-lang3-3.12.0.jar<br/> - yajsw\lib\core\commons\commons-lang-2.6.jar</p> <p>Whitesource (Mend) Scan as of 8/26/2025:<br/> <strong>CVE-2025-48924</strong> <br/> CVSS 3 Score: 5.3 (Severity: Medium)<br/> "Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue."</p></div>A YarboroughTue, 26 Aug 2025 17:57:04 -0000https://sourceforge.nete8cbafca5c599c6529ce0da8fe0a84e4bfc27698