Security vulnerability in Apache commons-text 1.9

graphql-java-generator / graphql-maven-plugin-project

graphql-maven-plugin is a Maven Plugin for GraphQL, based on graphql-java. It accelerates the development for both the client and the server, by generating the Java code. It allows a quicker development when in contract-first approach, by avoiding to code the boilerplate code.

https://graphql-maven-plugin-project.graphql-java-generator.com

MIT License

118 stars 47 forks source link

Security vulnerability in Apache commons-text 1.9 #156

Closed nictas closed 1 year ago

nictas commented 1 year ago

Apache commons-text has the following security vulnerability and users are suggested to upgrade to 1.10: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

Could you please release a new version of this project with the updated version?

etienne-sf commented 1 year ago

Hello

I upgraded both commons-text et graphql-java to their last version. The project build ok, so I'll release a new version soon.

In the meantime, you can add commons-text in its last version in your project (with either Gradle or Maven), so that your application doesn't use a vulnerable library.

Etienne

etienne-sf commented 1 year ago

Released in the 1.18.8 version