The CVE is relatively new (2 months): https://www.cve.org/CVERecord?id=CVE-2025-48924. As you guys forgot to bump to 3.1.18 then 3.1.19, I was wondering if it hasn't been missed due to the use of properties for some other properties.

https://github.com/spring-projects/spring-boot/blob/27d6579573373927bac5179fe85b7ddb5b5a6e4e/spring-boot-project/spring-boot-dependencies/build.gradle#L239-L249

Thanks for your great work.

Comment From: wilkinsona

Duplicates https://github.com/spring-projects/spring-boot/issues/46437. main (Boot 4.0) will be upgraded to 3.19.0 in due course.