search cancel

CVE-2022-42889 and Autosys Workload Automation - commons-text-1.8.jar and commons-text-1.9.jar

book

Article ID: 255720

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

For CVE-2022-42889 and Autosys Workload Automation what are the plans to release an update .iso image without commons-text-1.8.jar  and commons-text-1.9.jar?

We don't want to have to remediate this vulnerability each time a new agent is deployed.

 

Environment

Release : 12.0

Resolution

Q : when will an updated image be released?
A : Next GA release of autosys will include the required changes(commons-text-1.10.0.jar). 
     As it is a Third-party patch to the existing Autosys ISO. We are not generating any new ISO for 12.1. However you can proceed with the below solutions.


Proposed solutions:
1. The file can be deleted once the installer/upgrade is done.

or

2. You can extract the ISO and replace the Apache Commons text (commons-text-1.8.jar or commons-text-1.9.jar) which is located at
ISO modules/JARS directory (Example: iso/modules/JARS) folder with the commons-text-1.10.0.jar and install the product.
So the installer/Upgrade process will make use of the commons-text-1.10.0.jar.