Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence server and Apache Commons Text (v 1.5-1.9), per CVE-2022-42889?

Rusty Rusty
Rusty Rusty November 3, 2022

Our security scanning software is complaining about Apache Commons Text within our Confluence installation.

When will Atlassian be posting guidance/remediation on this issue?

Answer
Watch
Like Be the first to like this
991 views

2 answers

0 votes
Thomas Zapf
Thomas Zapf
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 10, 2022

Is there already any public announcement by Atlassian for this? In the advisories there is nothing that mentions this CVE and we have been asked by our Security Team to check this for our Confluence installation as it contains the affected Commons Text versions. As we are using a Starter License there is no other way for us to request support than this community. Any information if Confluence 7.19.0 is vulnerable for this CVE would be appreciated.

View More Comments
Thomas Zapf
Thomas Zapf
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 11, 2022

If anyone else searches for an answer, this was published yesterday evening: [CONFSERVER-81048] Upgrade Apache Commons-text for CVE-2022-42889 - Create and track feature requests for Atlassian products.

Like
Reply
0 votes
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Champion
November 8, 2022

Hi @Rusty Rusty ,

Atlassian is currently investigating on that. Btw, a security alert will be reported here https://www.atlassian.com/trust/security/advisories and all of us will be notified via email if Atlassian has some communication.

Hope this helps,

Fabio

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
7.19.2
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security