Hiya GoCD has been using commons-text 1.10 (with the issue you refer to fixed) since GoCD 22.3.0: https://github.com/gocd/gocd/commit/293022076385c48c9fb41485b5674fa2e69c29c1
The agent *bootstrapper* doesn't use commons-text at all, however the agent jar which is dynamically downloaded from the server and matches the server's version does use commons-text. You might want to double check your server is running GoCD version 22.3.0 or later? -Chad On Mon, Jul 10, 2023 at 11:06 PM Mai M. Khattab <maimkhat...@gmail.com> wrote: > Hello There, > Any idea how can if there a remediation for (CVE-2022-42889 - Arbitrary > code execution in Apache Commons Text · CVE-2022-42889 · GitHub Advisory > Database <https://github.com/advisories/GHSA-599f-7c49-w659> ) on > (go-agent), please? > I am using go-agent (v23.1) and I found it is using commons-text (v1.9) > Regards, > > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/29cd81fe-b404-41c8-8db4-260e1204d00cn%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/29cd81fe-b404-41c8-8db4-260e1204d00cn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAA1RwH-MHbMNTohr%3DTODFWgg7CysPi5Y2Met-8%3D6rrjfV7id_g%40mail.gmail.com.