Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2023/03/28 21:18:00 UTC
[jira] [Updated] (CONFIGURATION-830) Critical vulnerability on commons-text 1.9. Please upversion to 1.10.0
[ https://issues.apache.org/jira/browse/CONFIGURATION-830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory updated CONFIGURATION-830:
------------------------------------------
Issue Type: Task (was: Bug)
Priority: Trivial (was: Critical)
Changing ticket type and priority. This is not a security issue for this component. You can update your POM or app to use whatever dependencies you want. Git master and snapshots already have this change.
> Critical vulnerability on commons-text 1.9. Please upversion to 1.10.0
> -----------------------------------------------------------------------
>
> Key: CONFIGURATION-830
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-830
> Project: Commons Configuration
> Issue Type: Task
> Components: Build
> Affects Versions: 2.8.0
> Reporter: Mario Jauvin
> Priority: Trivial
> Fix For: 2.9.0
>
>
> commons-configuration2 version 2.8.0 has a dependency on commons-text:1.9 that has a critical vulnerability: [CVE-2022-42889] CWE-94: Improper Control of Generation of Code ('Code Injection'). See [org.apache.commons:commons-text:1.9|https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.9] for details.