[CONFSERVER-81045] Upgrade Apache Commons-text for CVE-2022-42889 - DUPLICATED - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Duplicate
Priority: Low
Fix Version/s: None
Affects Version/s: 7.13.11, 7.19.2
Component/s: Security
Labels:
None

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

This bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.

Confluence does not use the vulnerable module org.apache.commons.text.StringSubstitutor

Issue Summary

Apache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on CVE-2022-42889

Steps to Reproduce

Check org.apache.commons -> commons-text version on pom.xml

Expected Results

apache-common-text 1.10.0+ is expected

Actual Results

apache-common-text 1.9 (or earlier) is used

Workaround

Currently, there is no known workaround for this behavior. A workaround will be added here when available

duplicates

CONFSERVER-81048 Upgrade Apache Commons-text for CVE-2022-42889

Closed

Form Name

Naman Jain added a comment - 25/Feb/2023 12:47 PM

How should I upgrade common-text version to 1.10.0 on centos

Naman Jain added a comment - 25/Feb/2023 12:47 PM How should I upgrade common-text version to 1.10.0 on centos

Eliza Jamison added a comment - 14/Dec/2022 1:31 PM - edited

So this is a known issue and a critical vulnerability that need to be fixed within 2 weeks to stay compliant. This says closed with no fix????? My security team can force my applications offline. I have 3 Jira instances.

Eliza Jamison added a comment - 14/Dec/2022 1:31 PM - edited So this is a known issue and a critical vulnerability that need to be fixed within 2 weeks to stay compliant. This says closed with no fix????? My security team can force my applications offline. I have 3 Jira instances.

UB added a comment - 11/Nov/2022 9:56 AM

https://jira.atlassian.com/browse/CONFSERVER-81048

UB added a comment - 11/Nov/2022 9:56 AM https://jira.atlassian.com/browse/CONFSERVER-81048

Assignee:: Unassigned

Reporter:: UB

Affected customers:: 0 This affects my team

Watchers:: 8 Start watching this issue

Created:: 10/Nov/2022 4:59 PM

Updated:: 25/Feb/2023 12:47 PM

Resolved:: 11/Nov/2022 9:56 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

[CONFSERVER-81045] Upgrade Apache Commons-text for CVE-2022-42889 - DUPLICATED

Collapse comment: Naman Jain added a comment - 25/Feb/2023 12:47 PM

Expand comment: Naman Jain added a comment - 25/Feb/2023 12:47 PM

Collapse comment: Eliza Jamison added a comment - 14/Dec/2022 1:31 PM, Edited by Eliza Jamison - 14/Dec/2022 1:32 PM

Expand comment: Eliza Jamison added a comment - 14/Dec/2022 1:31 PM, Edited by Eliza Jamison - 14/Dec/2022 1:32 PM

Collapse comment: UB added a comment - 11/Nov/2022 9:56 AM

Expand comment: UB added a comment - 11/Nov/2022 9:56 AM

People

Dates