opencsv / Support Requests / #102 CVE-2022-42889 - opencsv dependency on Apache Commons Text Library dependency

#102 CVE-2022-42889 - opencsv dependency on Apache Commons Text Library dependency

Milestone: v1.0 (example)

Status: closed

Owner: Andrew Rucker Jones

Labels: None

Priority: 1

Updated: 2022-10-20

Created: 2022-10-20

Creator: Rohit Narayana

Private: No

Hello Team,
There is a new vulnerability CVE-2022-42889 that is reported for Apache Commons Text Library include 1.5 through 1.9. Please see https://mvnrepository.com/artifact/org.apache.commons/commons-text
The latest version of opencsv is dependent on Apache Commons Text with the vulnerability. The vulnerability on the Apache Commons Text side is fixed in their latest version.
Do you have any plans to release a newer version of opencsv with the upgraded dependency for Apache Commons Text?
Thanks for developing and maintaining this lib and helping the community.

Discussion

Andrew Rucker Jones - 2022-10-20

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrew Rucker Jones - 2022-10-20

Closed as duplicate. Please see source merge request #34.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrew Rucker Jones - 2022-10-20

assigned_to: Glen Smith --> Andrew Rucker Jones
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2022-42889 - opencsv dependency on Apache Commons Text Library dependency

Group

Searches

Help

#102 CVE-2022-42889 - opencsv dependency on Apache Commons Text Library dependency

Discussion