Statements

Tabs

Apache Commons Text

Dear reader,

From various sources (NCSC.nl, VCIB and ACIB) we have been informed of a vulnerability in the "Apache Commons Text" library.

In short:
SmartDocuments does not use the Apache Commons Text Library, so this vulnerability is irrelevant to the SmartDocuments software, regardless of version.

Learn more:
https://nvd.nist.gov/vuln/detail/CVE-2022-42889
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/
https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0650

The vulnerability is in the following versions: Apache Software Foundations Commons Text 1.5 through 1.9. The vulnerability was patched in version 1.10.0.

For further questions, please feel free to contact SmartDocuments' CISO at SecurityOfficer@SmartDocuments.com.

Kind regards,

Freek de Cloet

Security Officer SmartDocuments