question

Upvotes
Accepted
1 0 0 0

Request to upgrade apache commons dependency in next ema release

Our application is using com.refinitiv.ema 3.7.2.0 dependency, which is bundled with apache commons-configuration2 v2.8.0, which has apache-commons-text v1.9.0 dependency. This apache-commons-text v1.9.0 dependency has been flagged as being vulnerable by the IT department in my company.

I would like to kindly request for the apache commons-configuration2 to be upgraded to v2.9.0 and be included in the next refinitiv ema dependency release. May I know when can this upgrade be done and be made available on maven repository?

Thanks.

Best Regards,

Vikneshh

#technologyema-apiupgrading
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
78.6k 248 52 74

@vikneshh

Thank you for reaching out to us.

I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

1696498965912.png

It uses commons-text-1.10.0.jar.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.


1696498965912.png (23.5 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Jirapongse,

In order to import RTSDK-2.1.2.L1 into my spring boot application, do I need to import each individual ema, eta and apache dependencies like (ema 3.7.2.0, commons-text-1.10.0 etc) found in the RTSDK-2.1.2.L1.jav.rrg.zip folder?

Or is there a specific maven dependency which encompasses the dependencies found in RTSDK-2.1.2.L1 that can be added to my application?

Is EMA/ETA 3.7.2.L1 release the same as RTSDK-2.1.2.L1 release?


Best Regards,

Vikneshh

Upvotes
78.6k 248 52 74

@vikneshh

Yes, RTSDK-2.1.2.L1 is EMA/ETA 3.7.2.L1.

Correct, you need to import dependencies to the project.

I checked EMA 3.7.2 in Maven (https://mvnrepository.com/artifact/com.refinitiv.ema/ema/3.7.2.0). It depends on commons-configuration2:2.9.0 and commons-configuration2:2.9.0 depends on commons-text:1.10.0.

1696502684138.png



1696502684138.png (58.7 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Jirapongse,

Actually EMA 3.7.2 in Maven is currently using apache commons configuration2 v2.8.0 while it is stated that apache commons v2.9.0 is the latest update to this dependency.

May I know if Refinitiv would be upgrading apache commons configuration2 dependency to v2.9.0 in the next ema release 3.7.3.0? Also roughly when is ema 3.7.3.0 due to be released?

Thanks.

Best Regards,

Vikneshh

@vikneshh

Thank you for the update.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team via Contact Premium Support.

Otherwise, you can post this issue on GitHub.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.