Is Apache Commons Text version 1.9 or older used in Groupshare, Studio or Multiterm? We are concerned about CVE-2022-42889 (vulnerability in Apache Commons Text.)

According to our IT Department, some part of Trados is running with a vulnerability in "Apache Common Text " used in the Java library. It is recommended to upgrade this library to version 1.10.0. Will you be providing a solution? See https://nvd.nist.gov/vuln/detail/CVE-2022-42889#vulnCurrentDescriptionTitle 

emoji
Parents Reply
  • Hi Alex,

    Indeed, current we're still missing any article in the RWS Support Gateway for the CVE-2022-42889 vuln. in relation to Trados GroupShare. Our Support team is working to push the relevant details live next possible.

    The vuln CVE-2022-42889 itself does affect Trados GroupShare or, to be more precise, the component MultiTerm Online optionally available for it. MultiTerm Online in the currently released versions of GroupShare use an affected version of Apache Commons Text (1.8).
    We're currently finalizing the next update for GroupShare, the Cumulative Update 8 (CU8), which will also include a new MultiTerm Online version that uses a newer, unaffected Apache Commons Text (1.10). This CU8 is planned to be available in the coming weeks, latest expected availability is before Christmas.

    I hope this helps.
    Phillip Maieski | Trados Product Management – RWS Group

    .

    emoji
Children