Statements
Apache Commons Text
Dear reader,
From various sources (NCSC.nl, VCIB and ACIB) we have been informed of a vulnerability in the "Apache Commons Text" library.
In short: SmartDocuments does not use the Apache Commons Text Library, so this vulnerability is irrelevant to the SmartDocuments software, regardless of version.
Learn more: https://nvd.nist.gov/vuln/detail/CVE-2022-42889 https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/ https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0650
The vulnerability is in the following versions: Apache Software Foundations Commons Text 1.5 through 1.9. The vulnerability was patched in version 1.10.0.
For further questions, please feel free to contact SmartDocuments' CISO at SecurityOfficer@SmartDocuments.com.
Kind regards,
Freek de Cloet
Security Officer SmartDocuments