From 40cc2f62e3e5d48cb8df316e26427d8b1089f5f3 Mon Sep 17 00:00:00 2001
From: subratadeypappu <subrata@appsmith.com>
Date: Mon, 15 Sep 2025 17:14:04 +0600
Subject: [PATCH] fix: CVE-2025-48734 (#41223)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Description
> [!TIP]
> _Add a TL;DR when the description is longer than 500 words or
extremely technical (helps the content, marketing, and DevRel team)._
>
> _Please also include relevant motivation and context. List any
dependencies that are required for this change. Add links to Notion,
Figma or any other documents that might be relevant to the PR._


Fixes CVE-2025-48734

## Automation

/ok-to-test tags="@tag.Sanity"

### :mag: Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17723760561>
> Commit: d71d66e99980b66d47ed0f29311a62f915b00caf
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17723760561&attempt=4"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:40:18 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Upgraded the underlying input validation library to a newer version
across server components to incorporate upstream fixes and improvements.
* Improves overall stability and security with no expected changes to
user-facing behavior.
* Ensures continued compatibility with modern environments and reduces
maintenance risks.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---
 app/server/appsmith-interfaces/pom.xml | 2 +-
 app/server/appsmith-server/pom.xml     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/server/appsmith-interfaces/pom.xml b/app/server/appsmith-interfaces/pom.xml
index 1d9822a7e2..6eb99b0cd5 100644
--- a/app/server/appsmith-interfaces/pom.xml
+++ b/app/server/appsmith-interfaces/pom.xml
@@ -126,7 +126,7 @@
         <dependency>
             <groupId>commons-validator</groupId>
             <artifactId>commons-validator</artifactId>
-            <version>1.7</version>
+            <version>1.10.0</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
diff --git a/app/server/appsmith-server/pom.xml b/app/server/appsmith-server/pom.xml
index 6c628bd811..bdab0a8965 100644
--- a/app/server/appsmith-server/pom.xml
+++ b/app/server/appsmith-server/pom.xml
@@ -185,7 +185,7 @@
         <dependency>
             <groupId>commons-validator</groupId>
             <artifactId>commons-validator</artifactId>
-            <version>1.7</version>
+            <version>1.10.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>