Request to upgrade apache commons dependency in next ema release

vikneshh
vikneshh Newcomer

Our application is using com.refinitiv.ema 3.7.2.0 dependency, which is bundled with apache commons-configuration2 v2.8.0, which has apache-commons-text v1.9.0 dependency. This apache-commons-text v1.9.0 dependency has been flagged as being vulnerable by the IT department in my company.

I would like to kindly request for the apache commons-configuration2 to be upgraded to v2.9.0 and be included in the next refinitiv ema dependency release. May I know when can this upgrade be done and be made available on maven repository?

Thanks.

Best Regards,

Vikneshh

Best Answer

  • Jirapongse
    Jirapongse ✭✭✭✭✭
    Answer ✓

    @vikneshh

    Thank you for reaching out to us.

    I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

    1696498965912.png

    It uses commons-text-1.10.0.jar.

    If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.

Answers