Engine and Engine Dispatch


Released 2022-11-10



  • [Java Only] updated Jackson libraries with fix forCVE-2022-42004
  • [Java Only] Updated Apache commons-text dependency to version 1.10.0 to avoid using a version withCVE-2022-42889. Note: Engine itself was not impacted by this CVE since the only use of commons-text was for escaping and unescaping via org.apache.commons.text.StringEscapeUtils, not for variable substitution.
  • [Java Only] Update Jackson versions, specifically to get the latest jackson-databind that is not subject toCVE-2022-42003.Note: Engine was not vulnerable due to not using UNWRAP_SINGLE_VALUE_ARRAYS
  • [Java Only] Update woodstox-core forCVE-2022-40153. Note: Engine does not appear to be vulnerable due to not validating external DTDs
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk