Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-81046

Upgrade Apache Commons-text for CVE-2022-42889

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • 7.13.11, 7.19.2
    • Security
    • None

    Description

      This bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.

      Confluence does not use the vulnerable module org.apache.commons.text.StringSubstitutor

      Issue Summary

      Apache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on CVE-2022-42889

      Steps to Reproduce

      Check org.apache.commons -> commons-text version on pom.xml

      Expected Results

      apache-common-text 1.10.0+ is expected

      Actual Results

      apache-common-text 1.9 (or earlier) is used

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Activity

          People

            Unassigned Unassigned
            ubreier@atlassian.com UB
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: