Description
Before Creating the Bug Report
- I found a bug, not just asking a question, which should be created in GitHub Discussions.
- I have searched the GitHub Issues and GitHub Discussions of this repository and believe that this is not a duplicate.
- I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.
Runtime platform environment
Ubuntu
RocketMQ version
develop
JDK Version
No response
Describe the Bug
This is caused by CVE-2025-48734; it poses a security risk and should be remediated.
Steps to Reproduce
Take the dependency tree to see the dependencies and the affected version, commons-beanutils:commons-beanutils:1.9.4, which is being pulled in by commons-validator:commons-validator:1.7.0.
What Did You Expect to See?
For the CVE to be remediated we need to see commons-beanutils:commons-beanutils:1.11.0.
What Did You See Instead?
Instead we see commons-beanutils:commons-beanutils:1.9.4 being pulled in by commons-validator:commons-validator:1.7.0. commons-validator:commons-validator:1.10.0 pulls in the remediated version, so we should be upgrading to this version.
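The dependency-tree check described in the steps above, written out as an added example (not code from the RocketMQ project or from this issue's reporter). It assumes the usual `mvn dependency:tree` line format `groupId:artifactId:type:version:scope`, uses a constructed tree rather than RocketMQ's real one, and compares versions numerically, since a plain string comparison would wrongly rank 1.9.4 above 1.11.0.

```shell
#!/bin/sh
# Constructed sample of `mvn dependency:tree` output (assumption: not the real RocketMQ tree).
SAMPLE_TREE='[INFO] com.example:app:jar:1.0
[INFO] +- commons-validator:commons-validator:jar:1.7.0:compile
[INFO] |  \- commons-beanutils:commons-beanutils:jar:1.9.4:compile
[INFO] \- org.apache.commons:commons-lang3:jar:3.12.0:compile'

# First commons-beanutils release the issue names as remediating CVE-2025-48734.
FIXED_VERSION=1.11.0

# version_lt A B: succeed (exit 0) if A < B, comparing dot-separated components
# as integers. Qualifiers such as "-SNAPSHOT" are ignored by the numeric coercion.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "\\."); nb = split(b, y, "\\.")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# find_vulnerable_beanutils TREE_TEXT: print one line per commons-beanutils
# occurrence below FIXED_VERSION; return 1 if any was found, 0 if the tree is clean.
# Lines carrying a classifier (groupId:artifactId:type:classifier:version:scope)
# are not matched by this simple pattern.
find_vulnerable_beanutils() {
  status=0
  for v in $(printf '%s\n' "$1" \
      | sed -n 's/.*commons-beanutils:commons-beanutils:jar:\([^:]*\):.*/\1/p'); do
    if version_lt "$v" "$FIXED_VERSION"; then
      printf 'commons-beanutils:commons-beanutils:%s\n' "$v"
      status=1
    fi
  done
  return $status
}

# Typical use against a real build: mvn dependency:tree > tree.txt,
# then find_vulnerable_beanutils "$(cat tree.txt)".
find_vulnerable_beanutils "$SAMPLE_TREE"
```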
Additional Context
No response