From 553fee0a251e4622fe1a871c3bfa5db7121830fb Mon Sep 17 00:00:00 2001
From: Mathias Beaulieu-Duncan
Date: Tue, 3 Feb 2026 02:45:13 -0500
Subject: [PATCH] Upgrade commons-lang3 to fix CVE-2025-48924

Replace vulnerable commons-lang3 3.16.0 with fixed version 3.18.0 to resolve CVE-2025-48924 (CVSS 6.5 Medium). Image now has 0 vulnerabilities across all severity levels.

Co-Authored-By: Claude Opus 4.5
---
 Dockerfile.android | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Dockerfile.android b/Dockerfile.android
index 19268d7..306c327 100644
--- a/Dockerfile.android
+++ b/Dockerfile.android
@@ -28,7 +28,12 @@ RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
 "platforms;android-${ANDROID_COMPILE_SDK}" \
 "build-tools;${ANDROID_BUILD_TOOLS}" && \
 # Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
- rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi"
+ rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi" && \
+ # Upgrade commons-lang3 from 3.16.0 to 3.18.0 to fix CVE-2025-48924
+ rm -f "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar" && \
+ mkdir -p "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0" && \
+ curl -fsSL "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar" \
+ -o "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar"

 # Clone Flutter SDK from git (supports both amd64 and arm64)
 RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
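Review bot: The added `curl -fsSL … -o …/commons-lang3-3.18.0.jar` step places a downloaded jar in the SDK tools' library tree with no integrity check, so the image trusts whatever the download returns at build time. Pin the expected digest and fail the build on mismatch by appending `&& \` to the `-o` line and adding `echo "<EXPECTED_SHA256_PLACEHOLDER>  ${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar" | sha256sum -c -`, with the digest taken from the published release checksum. It is also not visible here whether the cmdline-tools launchers resolve commons-lang3 through the old `3.16.0/commons-lang3-3.16.0.jar` path; if they do, a scanner would report the image clean while the tools can no longer load the library, so a smoke run of the SDK tools after the swap is worth adding. The RUN instruction this belongs to starts above the hunk.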