Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Upgrade commons-text-1.9.jar
See original GitHub issueDescribe the bug
The VScode extension pivotal.vscode-spring-boot-1.40.0 includes the file language-server\BOOT-INF\lib\commons-text-1.9.jar. A critical security issue is reported as CVE-2022-42889 for this release. This error has been fixed in releases 1.10.0 and higher.
Please update the dependency to one not vulnerable.
To Reproduce
- Install the current extension “Pivotal Spring Boot Tools” on VScode.
- Inspect the contents of the path
%HOME%\.vscode\extensions\pivotal.vscode-spring-boot-1.40.0\language-server\BOOT-INF\libto find the vulnerable jar file.
Issue Analytics
- State:
- Created 10 months ago
- Comments:8 (4 by maintainers)
Top Results From Across the Web
Download Apache Commons Text
Download Apache Commons Text. Using a Mirror. We recommend you use a mirror to download our release builds, but you must verify the ......
Read more >Upgrade - ImageJ - NIH
The easiest way to upgrade to the latest version of ImageJ is to use the Help>Update ImageJ command, available in version 1.41 or...
Read more >Bedienungsanleitung Barco ClickShare CX-30 (Seite 1 von 62 ...
einschließlich der Bereitstellung von Software-Upgrades und -Updates, ... maven2/com/fasterxml/jackson/core/jacksoncore/2.8.9/jackson-core-2.8.9-sources.jar
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
rewrite-mavenas well asrewrite-javahave been updated tocommons-textversion1.10.0, so we are not shipping version1.9.0of commons-text anymore. This will ship as part of the next release (inSpring Tools Extension for VSCode 1.41.0, as part of the broader Spring Tools 4.17.0 release)@BoykoAlex @martinlippert thx for responding so quickly, really appreciated. Personally, I do not assume that this is so much of an actual issue, given the way how the lib is used. But this warning comes up if your computer is scanned for vulnerabilities, and many organizations (like my employer) will perform such scans. I think its safe to assume that this warning has been seen already by lots of users. Once your PC has been on a “vulnerable computers” list for some days, it doesn’t take too long until emails from top-execs come flying in…
So, for the sake of you helping me to get rid of our sec guy telling me to update, I eagerly await the next release 😃