Request to upgrade apache commons dependency in next ema release

Our application is using com.refinitiv.ema 3.7.2.0 dependency, which is bundled with apache commons-configuration2 v2.8.0, which has apache-commons-text v1.9.0 dependency. This apache-commons-text v1.9.0 dependency has been flagged as being vulnerable by the IT department in my company.

I would like to kindly request for the apache commons-configuration2 to be upgraded to v2.9.0 and be included in the next refinitiv ema dependency release. May I know when can this upgrade be done and be made available on maven repository?

Thanks.

Best Regards,

Vikneshh

Find more posts tagged with

upgrading

ema-api

#technology

Accepted answers

Jirapongse

@vikneshh

Thank you for reaching out to us.

I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

It uses commons-text-1.10.0.jar.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.

All comments

Jirapongse

@vikneshh

Thank you for reaching out to us.

I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

It uses commons-text-1.10.0.jar.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.

vikneshh

Hi Jirapongse,

In order to import RTSDK-2.1.2.L1 into my spring boot application, do I need to import each individual ema, eta and apache dependencies like (ema 3.7.2.0, commons-text-1.10.0 etc) found in the RTSDK-2.1.2.L1.jav.rrg.zip folder?

Or is there a specific maven dependency which encompasses the dependencies found in RTSDK-2.1.2.L1 that can be added to my application?

Is EMA/ETA 3.7.2.L1 release the same as RTSDK-2.1.2.L1 release?

Best Regards,

Vikneshh

Jirapongse

@vikneshh

Yes, RTSDK-2.1.2.L1 is EMA/ETA 3.7.2.L1.

Correct, you need to import dependencies to the project.

I checked EMA 3.7.2 in Maven (https://mvnrepository.com/artifact/com.refinitiv.ema/ema/3.7.2.0). It depends on commons-configuration2:2.9.0 and commons-configuration2:2.9.0 depends on commons-text:1.10.0.

vikneshh

Hi Jirapongse,

Actually EMA 3.7.2 in Maven is currently using apache commons configuration2 v2.8.0 while it is stated that apache commons v2.9.0 is the latest update to this dependency.

May I know if Refinitiv would be upgrading apache commons configuration2 dependency to v2.9.0 in the next ema release 3.7.3.0? Also roughly when is ema 3.7.3.0 due to be released?

Thanks.

Best Regards,

Vikneshh

Jirapongse

@vikneshh

Thank you for the update.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team via Contact Premium Support.

Otherwise, you can post this issue on GitHub.

EXPLORE OUR SITES