A new vulnerability (Apache Commons Text CVE-2022-42889) has been identified. However, this vulnerability does not affect current frevvo versions v10.0+ because frevvo does not use the StringSubstitutor API.
- Solr vulnerability and scanning tools indicate that Solr uses commons-text directly (StringEscapeUtils.escapeEcmaScript) in LoadAdminUiServlet that is not vulnerable.
- Additional detail can be found in this Apache Commons article.
If you have any questions please firstname.lastname@example.org.
We appreciate you trusting frevvo with your mission critical applications. It is our goal to always provide you with the highest quality of service possible.
frevvo Customer Support