Text4Shell Vulnerability

Issue

CVE-2022-42889 was recently identified as a Text4Shell vulnerability that may be critical in certain instances. Text4Shell impacts the Apache Commons Text library, which is a common Java library providing lots of utilities for working with strings.

Ephesoft completed an assessment and concludes that the risk is low to moderate in the context that the affected Text4Shell method is not directly used within Transact or exposed externally. The host machine would need to be already compromised to exploit this vulnerability. As such, Ephesoft will be providing a resolution to this in Transact 2022.1.01 to relieve concerns from security scanning software alerts and to comply with client policies. We recommend updating to this release when it becomes available to mitigate risk further if you are on an earlier Transact release. See our Product Support Version Policy for more details on our security handling.