--- velocity-1.7/pom.xml	2023-09-27 00:55:09.936941022 +0200
+++ velocity-1.7/pom.xml	2023-09-27 00:55:44.023830711 +0200
@@ -148,9 +148,9 @@
       <version>3.2.1</version>
     </dependency>
     <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-      <version>2.4</version>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.9</version>
     </dependency>
     <dependency>
       <groupId>oro</groupId>
--- velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java	2023-09-27 00:55:09.973607930 +0200
+++ velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java	2023-09-27 00:55:44.023830711 +0200
@@ -19,7 +19,7 @@
  * under the License.    
  */
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 
 /**
  * Escape all HTML entities.
@@ -39,7 +39,7 @@
      */
     protected String escape(Object text)
     {
-        return StringEscapeUtils.escapeHtml(text.toString());
+        return StringEscapeUtils.escapeHtml4(text.toString());
     }
 
     /**
--- velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java	2023-09-27 00:55:09.973607930 +0200
+++ velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java	2023-09-27 00:55:44.023830711 +0200
@@ -19,7 +19,7 @@
  * under the License.    
  */
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 
 /**
  * Escapes the characters in a String to be suitable for use in JavaScript.
@@ -39,7 +39,7 @@
      */
     protected String escape(Object text)
     {
-        return StringEscapeUtils.escapeJavaScript(text.toString());
+        return StringEscapeUtils.escapeEcmaScript(text.toString());
     }
 
     /**
--- velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java	2023-09-27 00:55:09.973607930 +0200
+++ velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java	2023-09-27 00:55:44.023830711 +0200
@@ -19,7 +19,7 @@
  * under the License.    
  */
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * Escapes the characters in a String to be suitable to pass to an SQL query.
@@ -39,7 +39,8 @@
      */
     protected String escape(Object text)
     {
-        return StringEscapeUtils.escapeSql(text.toString());
+        // See https://commons.apache.org/proper/commons-lang/javadocs/api-2.6/org/apache/commons/lang/StringEscapeUtils.html#escapeSql(java.lang.String)
+        return StringUtils.replace(text.toString(), "'", "''");
     }
 
     /**
--- velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java	2023-09-27 00:55:09.973607930 +0200
+++ velocity-1.7/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java	2023-09-27 00:55:44.023830711 +0200
@@ -19,7 +19,7 @@
  * under the License.    
  */
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 
 /**
  * Escape all XML entities.
--- velocity-1.7/src/java/org/apache/velocity/runtime/directive/Block.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/directive/Block.java	2023-09-27 00:55:44.023830711 +0200
@@ -23,7 +23,7 @@
 import java.io.StringWriter;
 import java.io.Writer;
 
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.TemplateInitException;
 import org.apache.velocity.runtime.Renderable;
--- velocity-1.7/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java	2023-09-27 00:55:44.027164066 +0200
@@ -23,7 +23,7 @@
 import java.io.Writer;
 import java.util.List;
 
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.MethodInvocationException;
 import org.apache.velocity.exception.ParseErrorException;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java	2023-09-27 00:55:44.027164066 +0200
@@ -22,7 +22,7 @@
 import java.io.IOException;
 import java.io.Writer;
 
-import org.apache.commons.lang.builder.ToStringBuilder;
+import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.MethodInvocationException;
 import org.apache.velocity.exception.ParseErrorException;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java	2023-09-27 00:55:44.027164066 +0200
@@ -21,8 +21,8 @@
 
 import java.lang.reflect.InvocationTargetException;
 
-import org.apache.commons.lang.ArrayUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.app.event.EventHandlerUtil;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.MethodInvocationException;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java	2023-09-27 00:55:44.027164066 +0200
@@ -21,7 +21,7 @@
 import java.io.StringReader;
 import java.io.StringWriter;
 
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.TemplateInitException;
 import org.apache.velocity.exception.VelocityException;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java	2023-09-27 00:55:44.027164066 +0200
@@ -19,7 +19,7 @@
  * under the License.    
  */
 
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.context.Context;
 import org.apache.velocity.exception.MethodInvocationException;
 import org.apache.velocity.runtime.parser.ParserConstants;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java	2023-09-27 00:55:44.027164066 +0200
@@ -21,7 +21,7 @@
 
 import java.lang.reflect.InvocationTargetException;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.exception.VelocityException;
 import org.apache.velocity.runtime.RuntimeLogger;
 import org.apache.velocity.runtime.log.Log;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java	2023-09-27 00:55:44.030497422 +0200
@@ -21,8 +21,8 @@
 
 import java.lang.reflect.InvocationTargetException;
 
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.exception.VelocityException;
 import org.apache.velocity.runtime.log.Log;
 import org.apache.velocity.util.introspection.Introspector;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java	2023-09-27 00:55:44.030497422 +0200
@@ -22,8 +22,8 @@
 import java.io.IOException;
 import java.io.Writer;
 
-import org.apache.commons.lang.builder.ToStringBuilder;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.builder.ToStringBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.context.InternalContextAdapter;
 import org.apache.velocity.exception.MethodInvocationException;
 import org.apache.velocity.exception.ParseErrorException;
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/Parser.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/Parser.java	2023-09-27 00:55:44.027164066 +0200
@@ -10,7 +10,7 @@
 import org.apache.velocity.runtime.directive.Macro;
 import org.apache.velocity.runtime.directive.MacroParseException;
 import org.apache.velocity.util.StringUtils;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.runtime.RuntimeConstants;
 
 /**
--- velocity-1.7/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java	2023-09-27 00:55:44.027164066 +0200
@@ -9,7 +9,7 @@
 import org.apache.velocity.runtime.directive.Macro;
 import org.apache.velocity.runtime.directive.MacroParseException;
 import org.apache.velocity.util.StringUtils;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.runtime.RuntimeConstants;
 
 /** Token Manager. */
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -22,7 +22,7 @@
 import java.io.InputStream;
 
 import org.apache.commons.collections.ExtendedProperties;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.exception.ResourceNotFoundException;
 import org.apache.velocity.runtime.resource.Resource;
 import org.apache.velocity.util.ClassUtils;
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -218,7 +218,7 @@
     public synchronized InputStream getResourceStream(final String name)
         throws ResourceNotFoundException
     {
-        if (org.apache.commons.lang.StringUtils.isEmpty(name))
+        if (org.apache.commons.lang3.StringUtils.isEmpty(name))
         {
             throw new ResourceNotFoundException("DataSourceResourceLoader: Template name was empty or null");
         }
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -118,7 +118,7 @@
         /*
          * Make sure we have a valid templateName.
          */
-        if (org.apache.commons.lang.StringUtils.isEmpty(templateName))
+        if (org.apache.commons.lang3.StringUtils.isEmpty(templateName))
         {
             /*
              * If we don't get a properly formed templateName then
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -195,7 +195,7 @@
     {
         InputStream results = null;
 
-        if (org.apache.commons.lang.StringUtils.isEmpty(source))
+        if (org.apache.commons.lang3.StringUtils.isEmpty(source))
         {
             throw new ResourceNotFoundException("Need to have a resource!");
         }
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -26,7 +26,7 @@
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import org.apache.commons.collections.ExtendedProperties;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.exception.ResourceNotFoundException;
 import org.apache.velocity.exception.VelocityException;
 import org.apache.velocity.runtime.resource.Resource;
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java	2023-09-27 00:55:44.030497422 +0200
@@ -26,7 +26,7 @@
 import java.net.URLConnection;
 import java.util.HashMap;
 import org.apache.commons.collections.ExtendedProperties;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.exception.VelocityException;
 import org.apache.velocity.exception.ResourceNotFoundException;
 import org.apache.velocity.runtime.resource.Resource;
--- velocity-1.7/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java	2023-09-27 00:55:44.030497422 +0200
@@ -158,7 +158,7 @@
 
         Object cacheObject = null;
 
-        if (org.apache.commons.lang.StringUtils.isNotEmpty(cacheClassName))
+        if (org.apache.commons.lang3.StringUtils.isNotEmpty(cacheClassName))
         {
             try
             {
@@ -534,7 +534,7 @@
              *  this strikes me as bad...
              */
 
-            if (!org.apache.commons.lang.StringUtils.equals(resource.getEncoding(), encoding))
+            if (!org.apache.commons.lang3.StringUtils.equals(resource.getEncoding(), encoding))
             {
                 log.warn("Declared encoding for template '" +
                              resource.getName() +
--- velocity-1.7/src/java/org/apache/velocity/runtime/RuntimeInstance.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/RuntimeInstance.java	2023-09-27 00:55:44.023830711 +0200
@@ -32,7 +32,7 @@
 import java.util.Properties;
 
 import org.apache.commons.collections.ExtendedProperties;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.Template;
 import org.apache.velocity.app.event.EventCartridge;
 import org.apache.velocity.app.event.EventHandler;
--- velocity-1.7/src/java/org/apache/velocity/runtime/VelocimacroFactory.java	2023-09-27 00:55:09.976941285 +0200
+++ velocity-1.7/src/java/org/apache/velocity/runtime/VelocimacroFactory.java	2023-09-27 00:55:44.023830711 +0200
@@ -26,7 +26,7 @@
 import java.util.Vector;
 import java.util.ArrayList;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.exception.VelocityException;
 import org.apache.velocity.runtime.directive.Directive;
--- velocity-1.7/src/java/org/apache/velocity/util/introspection/ClassMap.java	2023-09-27 00:55:09.980274640 +0200
+++ velocity-1.7/src/java/org/apache/velocity/util/introspection/ClassMap.java	2023-09-27 00:55:44.030497422 +0200
@@ -23,7 +23,7 @@
 import java.lang.reflect.Modifier;
 import java.util.HashMap;
 import java.util.Map;
-import org.apache.commons.lang.text.StrBuilder;
+import org.apache.commons.lang3.text.StrBuilder;
 import org.apache.velocity.runtime.log.Log;
 import org.apache.velocity.util.MapFactory;
 
--- velocity-1.7/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java	2023-09-27 00:55:09.983607995 +0200
+++ velocity-1.7/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java	2023-09-27 00:55:44.030497422 +0200
@@ -27,7 +27,7 @@
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
-import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang3.ArrayUtils;
 
 
 /**
--- velocity-1.7/src/test/org/apache/velocity/test/BaseTestCase.java	2023-09-27 00:55:09.983607995 +0200
+++ velocity-1.7/src/test/org/apache/velocity/test/BaseTestCase.java	2023-09-27 00:55:44.030497422 +0200
@@ -353,7 +353,7 @@
                 buf.append(baseFile.getPath());
             }
 
-            if (org.apache.commons.lang.StringUtils.isNotEmpty(ext))
+            if (org.apache.commons.lang3.StringUtils.isNotEmpty(ext))
             {
                 buf.append('.').append(ext);
             }
--- velocity-1.7/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java	2023-09-27 00:55:09.983607995 +0200
+++ velocity-1.7/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java	2023-09-27 00:55:44.030497422 +0200
@@ -21,7 +21,7 @@
 
 import junit.framework.TestCase;
 
-import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.velocity.runtime.parser.node.ASTMethod;
 
 /**