[ https://issues.apache.org/jira/browse/NUTCH-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770041#comment-17770041 ]
Sebastian Nagel commented on NUTCH-2979: ---------------------------------------- Note: upgrading to Hadoop 3.3.6 (NUTCH-3009) will update the core dependency to commons-text 1.10.0 > Upgrade Commons Text to 1.10.0 > ------------------------------ > > Key: NUTCH-2979 > URL: https://issues.apache.org/jira/browse/NUTCH-2979 > Project: Nutch > Issue Type: Bug > Components: build, plugin > Affects Versions: 1.19 > Reporter: Sebastian Nagel > Priority: Major > Labels: help-wanted > Fix For: 1.20 > > > In order to address > [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889] we should > upgrade to commons-text 1.10.0: > - Nutch core depends on 1.4 which is not affected by the CVE > - the plugins lib-htmlunit and any23 depend on a vulnerable commons-text > version (1.5 - 1.9) -- This message was sent by Atlassian Jira (v8.20.10#820010)