search cancel

Apache Commons Text vulnerability


Article ID: 252562


Updated On:


DX Application Performance Management


Looking at the new Apache Commons Text vulnerability (, I see that the restmon extension packaged with the APM Infrastructure Agent includes commons-text.jar v1.4, which is vulnerable.  Is someone looking at this, or know of a reason that it isn’t vulnerable please?

Please forward this to dev with urgency if we don't have an answer, as customers are asking.


Release : 21.3

Resolution APM AXA OI ASM

If it only affects >= 1.5 we are probably okay, as the restmon extension uses 1.4.