A new vulnerability (Apache Commons Text CVE-2022-42889) has been identified. However, this vulnerability does not affect current frevvo versions v10.0+ because frevvo does not use the StringSubstitutor API.
- Solr vulnerability and scanning tools indicate that Solr uses commons-text directly (StringEscapeUtils.escapeEcmaScript) in LoadAdminUiServlet that is not vulnerable.
- Additional detail can be found in this Apache Commons article.
If you have any questions please contactsupport@frevvo.com.
We appreciate you trusting frevvo with your mission critical applications. It is our goal to always provide you with the highest quality of service possible.
Thank you,
frevvo Customer Support
Comments
0 comments
Please sign in to leave a comment.