CVE-2022-42889, also known as Text4Shell
We have received questions about our usage of Apache Commons Text and how the security issue, reported as CVE-2022-42889, affects our systems. We are happy to report that 2c8’s systems are not affected.
The versions that contain the security issue are from 1.5 (inclusive) to 1.9 (inclusive). We are using a version outside this range. We are also not using the library in a way that would make us affected in any of the versions. This is because we are not using the library to interpolate strings, and we do not implement the required interfaces to make our systems vulnerable.
CVE as recorded by NIST: https://nvd.nist.gov/vuln/detail/cve-2022-42889