[
https://issues.apache.org/jira/browse/JAMES-3847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628089#comment-17628089
]
Benoit Tellier commented on JAMES-3847:
---------------------------------------
We do not use StringSubstitutor, thus basing myself on this link
https://www.docker.com/blog/security-advisory-cve-2022-42889-text4shell/ we are
not at risk.
Upgrades to commons-text 1.10 will come in Apache James 3.7.3 + 3.8.0.
Best regards,
Benoit
> Impact of CVE-2022-42889 for Apache James
> -----------------------------------------
>
> Key: JAMES-3847
> URL: https://issues.apache.org/jira/browse/JAMES-3847
> Project: James Server
> Issue Type: Task
> Reporter: David Snyder
> Priority: Major
>
> Nessus has flagged \lib\commons-text-1.9.jar within the james-server-app
> distribution as vulnerable to CVE-2022-42889. Please let me know if there is
> any comment regarding the impact of this CVE on Apache James and if there are
> plans to update this library within the Apache James distribution.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
