James Agnew, CTO | Oct 24, 2022 2:50:25 PM | < 1 min read

Statement on CVE-2022-42889 (Commons Text)

October 24, 2022

A vulnerability was recently disclosed against versions 1.9 and below of the Apache Commons Text library. The details of this vulnerability are discussed here:

We have performed a detailed code audit, and can confirm that HAPI FHIR and Smile CDR are not vulnerable to this issue. The issue applies to a specific feature of Commons-Text known as the "Interpolator String Lookup" and this feature is not used by these products. However, users may wish to upgrade anyhow as an added precaution.

HAPI FHIR users may wish to manually upgrade the Commons-Text library to version 1.10 in their project pom.xml file (or equivalent). This has been tested and confirmed to be a safe upgrade.
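The manual upgrade described above, as an added example (not taken from HAPI FHIR or Smile CDR): it assumes a Maven build in which Commons Text arrives as a transitive dependency, so the version is pinned through `dependencyManagement` rather than declared directly.

```xml
<!-- Added example: pin the transitive commons-text dependency to the fixed release. -->
<!-- Place inside the <project> element of your own pom.xml. -->
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-text</artifactId>
      <!-- 1.10.0 is the Maven Central version string for Commons Text 1.10 -->
      <version>1.10.0</version>
    </dependency>
  </dependencies>
</dependencyManagement>

<!-- Verify the resolved version afterwards:
     mvn dependency:tree -Dincludes=org.apache.commons:commons-text
     Every commons-text entry in the output should read 1.10.0. -->
```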

A Smile CDR point release will be published shortly which upgrades this library.

James Agnew, CTO

James is the Chief Technology Officer for Smile CDR. Regarded as one of the original contributors and main players of HAPI FHIR®, James has been championing open source-based healthcare interoperability. With over 15 years of healthcare technology development and health informatics experience, he has built a reputation for being one of the top industry thought leaders. Over his career, James has built enterprise medical communication systems, integration platforms and mobile health apps that reduced barriers between information and care outcomes. Academically James holds a diploma in Computer Science from Algonquin College of Applied Art and Technology and several professional certifications. This combination of professional and academic experience has made James an expert in his field, overseeing the implementation of HL7® standards used in projects around the world.
