Question
Pt Anabatic Technologies Tbk
ID
Last activity: 12 Jan 2023 13:27 EST
Does pega use the Apache Common Text library?
Hi All,
Does pega use the Apache Common Text library?
Because I got info regarding this from Our IT Security Client "Vulnerability Advisory - CVE-2022-42889"
Please give feedback and suggestions.
Thank you. Rahmat
Accenture
GB
@RahmatS8 Hi, Greetings. Pega does not use commons-text directly however if you use tools like Pega-traceViewer, then this commons-text is used.
Regards,
Bharat
Pt Anabatic Technologies Tbk
ID
@KOMARINA Hi Bharat,
Thanks for the quick response and explanation, but I have one question again related warning "Vulnerability Advisory - CVE-2022-42889",
so there is no significant impact from the pega side? I just want to make sure. Thank you, Rahmat
Updated: 24 Oct 2022 12:32 EDT
Pegasystems Inc.
GB
I have checked internally with our support team as this question has been asked by other clients.
We are analyzing the Apache Text vulnerability in Pega Platform to check if any patch is required at a product level.
https://blogs.apache.org/security/entry/cve-2022-42889
We will keep you updated on our analysis. If you feel you have further questions, please log a support incident on the MSP and let us know the ticket number here to allow us to track it.
DB Systel GmbH
DE
Already created an Incident INC-246283.
Accepted Solution
Updated: 12 Jan 2023 13:27 EST
Pegasystems Inc.
GB
I can see that INC-246283 was resolved.
For CVE-2022-42889 Apache Commons Text vulnerability Apply HFIX-84506
The solution was to have it installed and commited on dt4 and stg1 and cloud team helped with the prod install. .
DB Systel GmbH
DE
@KOMARINA hi Bharat,
may I ask how do you know it is not used internally? On Pega 8.7.2, I can find on System-Runtime-Code entries from commons-text-1.6.jar archive.
Thanks in advance,
Daniel