search cancel

CVE-2022-42889 and Autosys Workload Automation - commons-text-1.8.jar and commons-text-1.9.jar


Article ID: 255720


Updated On:


CA Workload Automation AE


For CVE-2022-42889 and Autosys Workload Automation what are the plans to release an update .iso image without commons-text-1.8.jar  and commons-text-1.9.jar?

We don't want to have to remediate this vulnerability each time a new agent is deployed.



Release : 12.0


Q : when will an updated image be released?
A : Next GA release of autosys will include the required changes(commons-text-1.10.0.jar). 
     As it is a Third-party patch to the existing Autosys ISO. We are not generating any new ISO for 12.1. However you can proceed with the below solutions.

Proposed solutions:
1. The file can be deleted once the installer/upgrade is done.


2. You can extract the ISO and replace the Apache Commons text (commons-text-1.8.jar or commons-text-1.9.jar) which is located at
ISO modules/JARS directory (Example: iso/modules/JARS) folder with the commons-text-1.10.0.jar and install the product.
So the installer/Upgrade process will make use of the commons-text-1.10.0.jar.