[
https://issues.apache.org/jira/browse/CONFIGURATION-830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory updated CONFIGURATION-830:
------------------------------------------
Issue Type: Task (was: Bug)
Priority: Trivial (was: Critical)
Changing ticket type and priority. This is not a security issue for this
component. You can update your POM or app to use whatever dependencies you
want. Git master and snapshots already have this change.
> Critical vulnerability on commons-text 1.9. Please upversion to 1.10.0
> -----------------------------------------------------------------------
>
> Key: CONFIGURATION-830
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-830
> Project: Commons Configuration
> Issue Type: Task
> Components: Build
> Affects Versions: 2.8.0
> Reporter: Mario Jauvin
> Priority: Trivial
> Fix For: 2.9.0
>
>
> commons-configuration2 version 2.8.0 has a dependency on commons-text:1.9
> that has a critical vulnerability: [CVE-2022-42889] CWE-94: Improper Control
> of Generation of Code ('Code Injection'). See
> [org.apache.commons:commons-text:1.9|https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/[email protected]]
> for details.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
