Hi, Is Knox affected by this vulnerability ? https://commons.apache.org/proper/commons-text/security.html
……… On 2022-10-13, the Apache Commons Text team disclosed CVE-2022-42889<https://www.cve.org/CVERecord?id=CVE-2022-42889> . Key takeaways: · If you rely on software that uses a version of commons-text prior to 1.10.0, you are likely still not vulnerable: only if this software uses the StringSubstitutor API without properly sanitizing any untrusted input. · If your own software uses commons-text, double-check whether it uses the StringSubstitutor API without properly sanitizing any untrusted input. If so, an update to 1.10.0 could be a quick workaround, but the recommended solution is to also properly validate and sanitize any untrusted input.
