Background
Similar to the Spring4Shell and Log4Shell vulnerabilities, a new critical vulnerability, CVE-2022-42889, known as "Text4Shell", was discovered on 13 October 2022. Text4Shell is a vulnerability in the Java library Apache Commons Text that can allow an attacker to execute arbitrary code on the victim's machine. Read more here.
Mitigation
The Redstor ESE application does depend on a version of the Apache Commons Text library that is affected by CVE-2022-42889. However, ESE does not use the vulnerable string interpolation functions and is not susceptible to attack through this library.
As a precaution, ESE agents of version 22.11 and later no longer include the Apache Commons Text library.
We recommend regularly updating your Redstor software to ensure optimal security and functionality. You can find our latest downloads here.
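To confirm on a given machine that an installation no longer ships the library, the following added example (not Redstor code) walks a directory tree and reports every Apache Commons Text jar with its version. It assumes the affected range from the Apache advisory for CVE-2022-42889, versions 1.5 through 1.9, which this article does not state. The directory to scan is supplied by you; no ESE installation path is assumed.

```python
import re
import sys
import zipfile
from pathlib import Path

# CVE-2022-42889 affects Apache Commons Text 1.5 through 1.9; 1.10.0 is fixed.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
JAR_NAME = re.compile(r"commons-text(?:-(\d+(?:\.\d+)*))?[^/\\]*\.jar$", re.I)
MANIFEST_VERSION = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", re.M)


def manifest_version(jar_path):
    """Read Implementation-Version from the jar manifest, if there is one."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    match = MANIFEST_VERSION.search(text)
    return match.group(1) if match else None


def classify(version):
    """Compare major.minor against the affected range."""
    if version is None:
        return "unknown version"
    major_minor = tuple(int(p) for p in version.split("."))[:2]
    return "affected" if AFFECTED_MIN <= major_minor <= AFFECTED_MAX else "not affected"


def scan(root):
    """Return (path, version, status) for each commons-text jar under root."""
    findings = []
    for jar_path in sorted(Path(root).rglob("*.jar")):
        name = JAR_NAME.search(jar_path.name)
        if not name:
            continue
        # Prefer the manifest; fall back to the version in the file name.
        version = manifest_version(jar_path) or name.group(1)
        findings.append((str(jar_path), version, classify(version)))
    return findings


if __name__ == "__main__":
    # Constructed usage: pass the agent's installation directory as argument 1.
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in results:
        print(f"{status:16} {version or '-':8} {path}")
    if not results:
        print("no commons-text jar found")
```

The scan recognises stand-alone jar files by name only; a copy of the library repackaged inside another archive is not detected.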