On Thu, Oct 20, 2022 at 01:51:26AM -0700, oriol....@udl.cat wrote:
> There has been discovered a vulnerability affecting versions 1.5 to 1.9 of
> Apache Commons Text:
> https://nvd.nist.gov/vuln/detail/CVE-2022-42889
>
> I've seen DSpace 7 uses the 1.9 version of this library:
> https://github.com/DSpace/DSpace/blob/main/dspace-api/pom.xml#L850
>
> It is recommended to update to 1.10, but I haven't tested it yet myself.
> Just wanted to make sure everyone who is using DSpace 7 in production is
> aware of this.

Thank you. A patch has been developed, but currently it is believed that
this issue does not affect DSpace.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu