question

Upvotes
Accepted
vikneshh avatar image
1 0 0 0

Request to upgrade apache commons dependency in next ema release

Our application is using com.refinitiv.ema 3.7.2.0 dependency, which is bundled with apache commons-configuration2 v2.8.0, which has apache-commons-text v1.9.0 dependency. This apache-commons-text v1.9.0 dependency has been flagged as being vulnerable by the IT department in my company.

I would like to kindly request for the apache commons-configuration2 to be upgraded to v2.9.0 and be included in the next refinitiv ema dependency release. May I know when can this upgrade be done and be made available on maven repository?

Thanks.

Best Regards,

Vikneshh

#technologyema-apiupgrading
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

raksina.samasiri avatar image   raksina.samasiri

Hi @vikneshh ,

Thank you for your participation in the forum. Is the reply below satisfactory in resolving your query?
If so please can you click the 'Accept' text next to the appropriate reply? This will guide all community members who have a similar question.

Thanks,
AHS

raksina.samasiri avatar image   raksina.samasiri

Please be informed that a reply has been verified as correct in answering the question, and has been marked as such.

Thanks,
AHS

2 Answers

· Write an Answer
Upvotes
Accepted
Jirapongse avatar image
79.4k 253 52 74

@vikneshh

Thank you for reaching out to us.

I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

1696498965912.png

It uses commons-text-1.10.0.jar.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.


1696498965912.png (23.5 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

vikneshh avatar image vikneshh

Hi Jirapongse,

In order to import RTSDK-2.1.2.L1 into my spring boot application, do I need to import each individual ema, eta and apache dependencies like (ema 3.7.2.0, commons-text-1.10.0 etc) found in the RTSDK-2.1.2.L1.jav.rrg.zip folder?

Or is there a specific maven dependency which encompasses the dependencies found in RTSDK-2.1.2.L1 that can be added to my application?

Is EMA/ETA 3.7.2.L1 release the same as RTSDK-2.1.2.L1 release?


Best Regards,

Vikneshh

Upvotes
Jirapongse avatar image
79.4k 253 52 74

@vikneshh

Yes, RTSDK-2.1.2.L1 is EMA/ETA 3.7.2.L1.

Correct, you need to import dependencies to the project.

I checked EMA 3.7.2 in Maven (https://mvnrepository.com/artifact/com.refinitiv.ema/ema/3.7.2.0). It depends on commons-configuration2:2.9.0 and commons-configuration2:2.9.0 depends on commons-text:1.10.0.

1696502684138.png



1696502684138.png (58.7 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

vikneshh avatar image vikneshh

Hi Jirapongse,

Actually EMA 3.7.2 in Maven is currently using apache commons configuration2 v2.8.0 while it is stated that apache commons v2.9.0 is the latest update to this dependency.

May I know if Refinitiv would be upgrading apache commons configuration2 dependency to v2.9.0 in the next ema release 3.7.3.0? Also roughly when is ema 3.7.3.0 due to be released?

Thanks.

Best Regards,

Vikneshh

Jirapongse avatar image Jirapongse vikneshh

@vikneshh

Thank you for the update.

If you are a RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team via Contact Premium Support.

Otherwise, you can post this issue on GitHub.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.