Hello,
I would like to inquire whether the files related to Apache Commons Text: CVE-2022-42889 can be safely deleted, considering that they are not being utilized by the application itself?
Kindly,
Marios.
Hello @mbitzis
It looks like this is a bug they are actively working. From looking at some of the comments it looks like it has been fixed in version 9.6 so upgrading might be the way to go.
Disclaimer: Jira IS NOT vulnerable to CVE-2022-42889. Jira does not use the vulnerable module org.apache.commons.text.StringSubstitutor
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.