Skip to content

[QUESTION] - Apache commons configuration爆出漏洞CVE-2025-46392,请问2.X什么时候可以升级依赖版本来解决 #4930

New issue
New issue
Open
Open
[QUESTION] - Apache commons configuration爆出漏洞CVE-2025-46392,请问2.X什么时候可以升级依赖版本来解决#4930
Labels
question
@colin-si

Description

@colin-si
colin-si
opened on Sep 6, 2025

Steps to reproduce (if applicable)

Apache commons configuration爆出漏洞CVE-2025-46392,请问2.X什么时候可以升级依赖版本来解决
https://nvd.nist.gov/vuln/detail/CVE-2025-46392

What have you tried so far?

尝试根据漏洞提示,主动控制Apache commons configuration版本,但是报出了大量的不兼容。需要社区正向适配切换configuration新版本来解决该漏洞。

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions