[Renovate] Update dependency org.apache.commons:commons-configuration2 to v2.15.0 [SECURITY]

[appsec-renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
org.apache.commons:commons-configuration2 (source)	dependencies	minor	2.13.0 → 2.15.0

---

Apache Commons Configuration: StackOverflowError for YAML input with cycles

CVE-2026-45205 / GHSA-337m-mw94-2v6g

More information

Details

Uncontrolled Recursion vulnerability in Apache Commons.

When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.
This issue affects Apache Commons: from 2.2 before 2.15.0.

Users are recommended to upgrade to version 2.15.0, which fixes the issue.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-45205
• https://github.com/apache/commons-configuration/pull/634
• https://github.com/apache/commons-configuration
• https://lists.apache.org/thread/q3q3j10ohcqhs6o0rg1v7kz6kk27vtkk
• http://www.openwall.com/lists/oss-security/2026/05/14/5

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.