It looks like com.refinitiv.ema:ema:3.6.6.0
uses org.apache.commons:commons-configuration2:2.7
which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0
It looks like com.refinitiv.ema:ema:3.6.6.0
uses org.apache.commons:commons-configuration2:2.7
which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0
Hi,
Thank you for your participation in the forum.
Is the reply below satisfactory in answering your question?
If yes please click the 'Accept' text next to the reply. This will guide all community members who have a similar question.
Otherwise please post again offering further insight into your question.
Thanks,
AHS
Hello @daniel.lipofsky
Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.
If you have more information, please feel free to contact the RTSDK team directly via the issue-201.