question

Upvotes
Accepted
3 3 4 8

CVE-2022-33980 in EMA

It looks like com.refinitiv.ema:ema:3.6.6.0 uses org.apache.commons:commons-configuration2:2.7 which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0

ema-apijava
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Upvote
Accepted
16.8k 31 9 12

Hello @daniel.lipofsky

Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.

If you have more information, please feel free to contact the RTSDK team directly via the issue-201.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.