Looking at the new Apache Commons Text vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2022-42889), I see that the restmon extension packaged with the APM Infrastructure Agent includes commons-text.jar v1.4, which is vulnerable. Is someone looking at this, or know of a reason that it isn’t vulnerable please?
Please forward this to dev with urgency if we don't have an answer, as customers are asking.
Release : 21.3
If it only affects >= 1.5 we are probably okay, as the restmon extension uses 1.4.