CVE-2022-33980 in EMA

It looks like com.refinitiv.ema:ema:3.6.6.0 uses org.apache.commons:commons-configuration2:2.7 which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0

Find more posts tagged with

java

ema-api

Accepted answers

wasin.w

Hello @daniel.lipofsky

Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.

If you have more information, please feel free to contact the RTSDK team directly via the issue-201.

All comments

wasin.w

Hello @daniel.lipofsky

Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.

If you have more information, please feel free to contact the RTSDK team directly via the issue-201.

Quick Links

All Forums
Recent Questions

EXPLORE OUR SITES