Does pega use the Apache Common Text library?
Hi All,
Does pega use the Apache Common Text library?
Because I got info regarding this from Our IT Security Client "Vulnerability Advisory - CVE-2022-42889"
Please give feedback and suggestions.
Thank you. Rahmat
Accepted Solution
I can see that INC-246283 was resolved.
For CVE-2022-42889 Apache Commons Text vulnerability Apply HFIX-84506
The solution was to have it installed and commited on dt4 and stg1 and cloud team helped with the prod install. .
@KOMARINA Hi Bharat,
Thanks for the quick response and explanation, but I have one question again related warning "Vulnerability Advisory - CVE-2022-42889",
so there is no significant impact from the pega side? I just want to make sure. Thank you, Rahmat
I have checked internally with our support team as this question has been asked by other clients.
We are analyzing the Apache Text vulnerability in Pega Platform to check if any patch is required at a product level.
https://blogs.apache.org/security/entry/cve-2022-42889
We will keep you updated on our analysis. If you feel you have further questions, please log a support incident on the MSP and let us know the ticket number here to allow us to track it.
Accepted Solution
I can see that INC-246283 was resolved.
For CVE-2022-42889 Apache Commons Text vulnerability Apply HFIX-84506
The solution was to have it installed and commited on dt4 and stg1 and cloud team helped with the prod install. .