CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022. More information can be found here (https://nvd.nist.gov/vuln/detail/CVE-2022-42889)
The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.
Is JasperSoft Server 7.9 vulnerable?
JasperSoft Server 7.9
All Supported Operating Systems
Tibco Support has advised that to address the CVE-2022-42889 vulnerability with JasperSoft Server 7.9, is necessary to manually replace the existing JAR file with the updated version:
1. Download the latest COMMONS-TEXT-1.10.0.jar file from https://commons.apache.org/proper/commons-text/download_text.cgi
2. Manually replace the old COMMONS-TEXT-1.8.JAR or COMMONS-TEXT-1.9.JAR file with the COMMONS-TEXT-1.10.0.jar file at the following locations:
3. Recycle the JasperSoft Tomcat service