Keywords: MDE CVE-2022-42889, security
PerkinElmer Informatics in partnership with TIBCO is aware of the recently announced Apache Commons Text vulnerability (CVE-2022-42889), referred to as “Text4Shell”.
For more information about the general TIBCO investigation into this, please refer to TIBCO Public Notice Text4Shell Vulnerability Update.
Please upgrade to the following product versions which contain remediation of CVE-2022-42889:
TIBCO Spotfire® Server 12.1.0
TIBCO Spotfire® Statistics Services 12.1.0, 12.0.2, 11.4.10
For all eligible customers these product versions are available to download here.
TIBCO is also working on releasing Service Packs for Spotfire Server LTS versions 12.0 and 11.4.
TIBCO Public Notice about Apache Commons Text Vulnerability & JXPath