Does Jira V8.13.22 affected by Apache Commons Text ver 1.5-1.9? (CVE-2022-42889) and what is the rec

@Shay Keidar You can download v.1.10 from the Apache web site Commons Text – Download Apache Commons Text and replace your outdated version with the new one in the WEB-INF/lib. Do it in non-production environment first to make sure it won't break anything. In our case, neither JIRA and Confluence had any issues after the update. 

Atlassian is always behind with updating third-party components, and if the finding is critical, it's probably better to update it yourself and not rely on any security advisory.

Hi @Shay Keidar ,

welcome to the Atlassian community!

Atlassian team is currenlty investigationg about that security issue. Please check updates here https://www.atlassian.com/trust/security/advisories

Hope this helps,

Fabio