You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2023/03/28 21:18:00 UTC

[jira] [Updated] (CONFIGURATION-830) Critical vulnerability on commons-text 1.9. Please upversion to 1.10.0

     [ https://issues.apache.org/jira/browse/CONFIGURATION-830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary D. Gregory updated CONFIGURATION-830:
------------------------------------------
    Issue Type: Task  (was: Bug)
      Priority: Trivial  (was: Critical)

Changing ticket type and priority. This is not a security issue for this component. You can update your POM or app to use whatever dependencies you want. Git master and snapshots already have this change. 

> Critical vulnerability on commons-text 1.9.  Please upversion to 1.10.0
> -----------------------------------------------------------------------
>
>                 Key: CONFIGURATION-830
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-830
>             Project: Commons Configuration
>          Issue Type: Task
>          Components: Build
>    Affects Versions: 2.8.0
>            Reporter: Mario Jauvin
>            Priority: Trivial
>             Fix For: 2.9.0
>
>
> commons-configuration2 version 2.8.0 has a dependency on commons-text:1.9 that has a critical vulnerability: [CVE-2022-42889] CWE-94: Improper Control of Generation of Code ('Code Injection').  See [org.apache.commons:commons-text:1.9|https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.9]  for details.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)