Is Apache Commons Text version 1.9 or older used in Groupshare, Studio or Multiterm? We are concerned about CVE-2022-42889 (vulnerability in Apache Commons Text.)

According to our IT Department, some part of Trados is running with a vulnerability in "Apache Common Text " used in the Java library. It is recommended to upgrade this library to version 1.10.0. Will you be providing a solution? See https://nvd.nist.gov/vuln/detail/CVE-2022-42889#vulnCurrentDescriptionTitle 

emoji
Parents Reply
  • Thank you for those links - I don't know why I didn't find those articles myself, as I did have a look around the KB before posting.

    So, for Studio and Multiterm there is a categorial statement that CVE-2022-42889 vulnerability in Apache Commons Text does *not* affect them; and for WorldServer 11.7.x there is an article saying that there is a hotfix because the vulnerability did apply. However, there does not appear to be any information about the situation with Groupshare. 

    Unfortunately, I lack the technical background (I'm asking 'for a friend' - i.e. our IT Department) to know what I can conclude from that. Is the vulnerability obviously irrelevant to Groupshare, so that a statement is deemed unnecessary (at least to people who have more understanding of the matter)? Or is it still unknown or unclear whether/how the vulnerability affects Groupshare?

    In case it's relevant, we are using Studio 2019 SR1, Multiterm 2019, and Groupshare 2020 SR1 CU04. (We hope to upgrade to 2022 early next year - our organisation is a bit slow in that regard.)

    emoji
Children