Broadcom API Gateway CVE-2022-42889 Apache Commons Text performs variable interpolation

Article ID: 252568

Updated On:

Products

CA API Gateway

Issue/Introduction

The Apache commons-text library has a newly reported vulnerability, CVE-2022-42889. Is the CA API Gateway vulnerable to it?

 

Resolution

API Gateway does not use the 'commons-text' interpolators for string lookups, so it is not affected by or vulnerable to this exploit. At this time NIST lists the CVE as "undergoing reanalysis"; if any new details emerge, we will re-evaluate as required.

 

Additional Information

The impacted Apache Commons Text libraries were replaced in the 10.1 CR03 release.