Task
Resolution: Unresolved
Minor
3.3.1.Final
Moderate
'org.apache.commons:commons-lang3' is a direct dependency of module 'debezium-connector-postgres' and it is affected by CVE-2025-48924.
CVE description:
Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inputs. Because an error is usually not handled by applications and libraries, a `StackOverflowError` could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue. This issue affects commons-lang:commons-lang versions 2.0 through 2.6, and org.apache.commons:commons-lang3 versions 3.0 through 3.17.0.
Bug report
NA
What Debezium connector do you use and what version?
DBZ 3.3.1
What is the connector configuration?
NA
What is the captured database version and mode of deployment?
(E.g. on-premises, with a specific cloud provider, etc.)
NA
What behavior do you expect?
NA
What behavior do you see?
NA
Do you see the same behaviour using the latest released Debezium version?
(Ideally, also verify with latest Alpha/Beta/CR version)
NA
Do you have the connector logs, ideally from start till finish?
(You might be asked later to provide DEBUG/TRACE level log)
NA
How to reproduce the issue using our tutorial deployment?
NA
Feature request or enhancement
For feature requests or enhancements, provide this information, please:
NA
Which use case/requirement will be addressed by the proposed feature?
NA
Implementation ideas (optional)
NA