Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2022/11/03 03:20:00 UTC

[jira] [Commented] (JAMES-3847) Impact of CVE-2022-42889 for Apache James

    [ https://issues.apache.org/jira/browse/JAMES-3847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628089#comment-17628089 ] 

Benoit Tellier commented on JAMES-3847:
---------------------------------------

We do not use StringSubstitutor; thus, based on this link https://www.docker.com/blog/security-advisory-cve-2022-42889-text4shell/ we are not at risk.

Upgrades to commons-text 1.10 will come in Apache James 3.7.3 + 3.8.0.

Best regards,

Benoit

> Impact of CVE-2022-42889 for Apache James
> -----------------------------------------
>
>                 Key: JAMES-3847
>                 URL: https://issues.apache.org/jira/browse/JAMES-3847
>             Project: James Server
>          Issue Type: Task
>            Reporter: David Snyder
>            Priority: Major
>
> Nessus has flagged \lib\commons-text-1.9.jar within the james-server-app distribution as vulnerable to CVE-2022-42889. Please let me know if there is any comment regarding the impact of this CVE on Apache James and if there are plans to update this library within the Apache James distribution.



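The two questions raised in this thread (is a commons-text release in the CVE's affected range, 1.5 through 1.9, present, and does any shipped class reference StringSubstitutor) can be triaged over a distribution's jars as in the following added example, which is not part of the original message or of Apache James. The function names, the `com/example` classes and the sample jars are constructed for illustration.

```python
import io
import re
import zipfile

# Internal (slash-separated) class name as stored in a .class constant pool.
NEEDLE = b"org/apache/commons/text/StringSubstitutor"
LIB_PREFIX = "org/apache/commons/text/"  # the library's own classes, skipped
JAR_NAME = re.compile(r"commons-text-(\d+)\.(\d+)(?:\.\d+)*\.jar$")

def affected_version(jar_name):
    """True if the file name is a commons-text release in 1.5 through 1.9."""
    m = JAR_NAME.search(jar_name)
    return bool(m) and int(m.group(1)) == 1 and 5 <= int(m.group(2)) <= 9

def classes_referencing_substitutor(jar_bytes):
    """Return the .class entries in a jar whose bytes mention StringSubstitutor."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class") or name.startswith(LIB_PREFIX):
                continue
            if NEEDLE in jar.read(name):
                hits.append(name)
    return sorted(hits)

def triage(jars):
    """jars: {file name: jar bytes}. Report affected copies and call sites."""
    vulnerable = sorted(n for n in jars if affected_version(n))
    callers = {n: classes_referencing_substitutor(b) for n, b in jars.items()}
    callers = {n: c for n, c in callers.items() if c}
    return {"vulnerable_jars": vulnerable, "callers": callers}

def _jar(entries):
    """Build a jar in memory from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample: stand-in bytes, not real compiled classes.
SAMPLE = {
    "lib/commons-text-1.9.jar": _jar({LIB_PREFIX + "StringSubstitutor.class": b"\xca\xfe\xba\xbe" + NEEDLE}),
    "lib/app-clean.jar": _jar({"com/example/Mailer.class": b"\xca\xfe\xba\xbejava/lang/String"}),
    "lib/app-uses-it.jar": _jar({"com/example/Template.class": b"\xca\xfe\xba\xbe" + NEEDLE}),
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The byte match is a triage heuristic: it does not see reflective loading by dotted class name, and a hit still needs review to confirm that untrusted input reaches an interpolating substitutor.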