Apache Commons Text zero-day vulnerability

We have been informed of a new Java vulnerability in the Apache Commons Text library. Can you confirm the status of this for your organisation and the services used by our organisation in terms of potential impact and remediation steps taken or to take place?

1 Like

Hi @grayat1

Thanks for reaching out, I hope you are well.

I have gone ahead and reached out to our security team to confirm the above request as this is out of my scope. I will be sure to share their update here once confirmed.

1 Like

Hi @grayat1

Thanks for your patience here.

New Relic’s investigation has determined that its Java and Infrastructure agents do not use the Apache Common Text library and therefore are not impacted by the recently announced zero-day vulnerability identified as CVE-2022-42889.

Keeping customers secure is New Relic’s top priority. We have a well-established vulnerability detection and response program that monitors and analyzes multiple sources of threat intelligence for all relevant risks. Potential vulnerabilities are assessed for impact and severity, and remediated as appropriate.

To receive security notifications from New Relic in the future, please subscribe to New Relic’s Security notifications community channel or RSS feed and New Relic’s blog.

For any further support needs, please visit us at support.newrelic.com.

1 Like