[
https://issues.apache.org/jira/browse/CONFIGURATION-830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17706153#comment-17706153
]
Gary D. Gregory edited comment on CONFIGURATION-830 at 3/28/23 9:21 PM:
------------------------------------------------------------------------
Changing ticket type and priority. This is not a security issue for this
component. You can update your POM or app to use whatever dependencies you
want. Git master and snapshots already have this change. Please check git
master in the future to see if your issue has already been addressed.
was (Author: garydgregory):
Changing ticket type and priority. This is not a security issue for this
component. You can update your POM or app to use whatever dependencies you
want. Git master and snapshots already have this change.
> Critical vulnerability on commons-text 1.9. Please upversion to 1.10.0
> -----------------------------------------------------------------------
>
> Key: CONFIGURATION-830
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-830
> Project: Commons Configuration
> Issue Type: Task
> Components: Build
> Affects Versions: 2.8.0
> Reporter: Mario Jauvin
> Priority: Trivial
> Fix For: 2.9.0
>
>
> commons-configuration2 version 2.8.0 has a dependency on commons-text:1.9
> that has a critical vulnerability: [CVE-2022-42889] CWE-94: Improper Control
> of Generation of Code ('Code Injection'). See
> [org.apache.commons:commons-text:1.9|https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.9]
> for details.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
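
The comment above says a consumer can update their own POM rather than wait for a release. As an added example (not from the ticket or from the Commons Configuration project), this is a minimal consumer `pom.xml` that keeps commons-configuration2 2.8.0 but forces the transitive commons-text to 1.10.0; the `com.example:demo-app` coordinates are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>

  <!-- Hypothetical coordinates for the consuming application. -->
  <groupId>com.example</groupId>
  <artifactId>demo-app</artifactId>
  <version>1.0.0</version>

  <dependencyManagement>
    <dependencies>
      <!-- Managed versions take precedence over the version a transitive
           dependency asks for, so commons-text:1.9 requested by
           commons-configuration2:2.8.0 is resolved as 1.10.0. -->
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-text</artifactId>
        <version>1.10.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- Direct dependency stays at the version named in the ticket. -->
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-configuration2</artifactId>
      <version>2.8.0</version>
    </dependency>
  </dependencies>
</project>
```

Running `mvn dependency:tree -Dincludes=org.apache.commons:commons-text` against this POM shows which commons-text version is actually resolved.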