From 640db1d74f0134f3865505b4fb0f08108e1783c8 Mon Sep 17 00:00:00 2001
From: Jialiang Liang <jiallian@amazon.com>
Date: Sat, 25 Oct 2025 16:22:49 -0700
Subject: [PATCH] Fix CVE-2025-48924

Signed-off-by: Jialiang Liang <jiallian@amazon.com>
---
 build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build.gradle b/build.gradle
index 50921553725..11243e54df4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -149,6 +149,9 @@ allprojects {
         resolutionStrategy.force 'org.apache.commons:commons-text:1.11.0'
         resolutionStrategy.force 'commons-io:commons-io:2.15.0'
         resolutionStrategy.force 'org.yaml:snakeyaml:2.2'
+        resolutionStrategy.dependencySubstitution {
+            substitute module('commons-lang:commons-lang') using module('org.apache.commons:commons-lang3:3.18.0') because 'CVE-2025-48924: commons-lang 2.x vulnerable to StackOverflowError'
+        }
     }
 }