dosubot[bot] commented on issue #2555:
URL:
https://github.com/apache/incubator-hugegraph/issues/2555#issuecomment-2154337714
To address the CVE-2022-42889 vulnerability in the HugeGraph Java client
version 1.3, you need to update the Apache Commons Text library to version
1.10.0 or later. This vulnerability is related to the Apache Commons Text
library, which is used for string interpolation and can be exploited if not
properly updated.
Here is how you can update the dependency in your `pom.xml` file if you are
using Maven:
```xml
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-text</artifactId>
    <version>1.10.0</version>
</dependency>
```
If you are using Gradle, you can update the dependency in your
`build.gradle` file:
```groovy
implementation 'org.apache.commons:commons-text:1.10.0'
```
Make sure to rebuild your project after updating the dependency to ensure
that the new version is being used
<sup>[[1]](https://github.com/apache/incubator-hugegraph/blob/master/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/security/HugeSecurityManager.java)</sup>.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
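
A check for the rebuild step in the comment above, as an added example (not part of the Dosu comment or of HugeGraph's code): it parses `mvn dependency:tree` output and reports every resolved commons-text below 1.10.0 together with the dependency path that pulled it in. The sample tree and its `com.example` coordinates are constructed for illustration.

```python
import re

FIXED = (1, 10, 0)  # minimum version named in the comment above

# Constructed sample of `mvn dependency:tree` output (hypothetical coordinates).
SAMPLE_TREE = r"""[INFO] com.example:demo-app:jar:0.1.0
[INFO] +- com.example:graph-client:jar:1.3.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  \- com.google.guava:guava:jar:30.0-jre:compile
[INFO] \- junit:junit:jar:4.13.2:test
"""


def parse_version(text):
    """Turn '1.9' or '1.10.0-SNAPSHOT' into a comparable tuple, e.g. (1, 9, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return (0, 0, 0)  # unparseable: treat as outdated so it gets reviewed
    nums = [int(n) for n in m.group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))


def find_outdated(tree_text):
    """Return (version, scope, path) for each commons-text entry below FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        body = line[len("[INFO] "):] if line.startswith("[INFO] ") else line
        m = re.search(r"[A-Za-z]", body)
        if not m:
            continue
        fields = body[m.start():].split()[0].split(":")
        if len(fields) < 4:
            continue  # banner or summary line, not a Maven coordinate
        depth = m.start() // 3  # each tree level indents by three characters
        del stack[depth:]
        stack.append(":".join(fields[:2]))
        if fields[:2] != ["org.apache.commons", "commons-text"]:
            continue
        # Root line is g:a:type:version; dependency lines add a trailing scope.
        version = fields[-1] if depth == 0 else fields[-2]
        scope = None if depth == 0 else fields[-1]
        if parse_version(version) < FIXED:
            findings.append((version, scope, " > ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, scope, path in find_outdated(SAMPLE_TREE):
        print(f"commons-text {version} ({scope}) via {path}")
```

Versions are compared as integer tuples because a plain string comparison ranks "1.9" above "1.10.0" and would miss the outdated entry.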