Edge Technologies, Inc. | Documentation | Remediation to the Apache Commons Text Vulnerability

No Results

Getting Started
edgeCore™ Basics
- Glossary of Terms
- Introduction: Getting Started with edgeCore
- Supported Platforms & System Requirements
- How to Download edgeCore
- License Management
- Windows Installation
- Linux / UNIX Installation
- Admin & System Menus
- Keyboard Shortcuts
- Using Context Menus
- How to Upgrade edgeCore
- How to Apply a Patch
- Cloud Deployment
- Third-Party Libraries Used
- How to Create Support Tickets
Data Management: Practical Examples
- Data Management Overview
- Connect to a Data Directory on the Local Server
- Create a Feed
- Create SQL Query Transform
- Create a Summary Transform
Visualizations: Practical Examples
- Visualizations Overview
- Create a Map Visualization
- Create a Bar Chart Visualization
- Create a Pie Chart Visualization
- Create a Page
- Add Visualizations to Page
Actions: Practical Examples
- Actions Overview
- Create a Tooltip Action
- Create a Switch to Page Action
Provisioning: Practical Examples
- Provisioning Overview
- Provision a User
- Validate User Login
HTML Template: Practical Examples
- HTML Template Examples Overview
- HTML Template Example 1
- HTML Template Example 2
- HTML Template Example 3
Administration
Command Center
- Command Center Overview
- What Command Center is Not
- Installing Command Center on Linux
- Connecting Edge Instance to Command Center
- Command Center Licensing Submenu
- External License Management via CLI
- Command Center Enterprise Submenu
- Command Center System Submenu
Backup and Restore
- Backup & Restore Overview
- Partial Backup
- Full Backup
- Restoring an Archive with License
Server Administration
- External Metric Configuration
  - Telemetry
  - Metric Configuration (Prometheus)
- Login Page
- Configuration Properties
- Log Files and Management
- HTTP Security Headers
- Isolating Administrator Access
- Memory Configuration
- Failover
- SSL Configuration
- Runtime Configuration
- Session Management
- Cluster Installation
- Cluster Management
- Running Multiple Instances from a Shared Configuration Database
- CheckHealth Server Status Monitoring
- Keep-Alive Status Monitoring
How To Guides
Automation
- How to Enable Automation
- Automation Overview
- How to Access Automation
- Script Recorder Interface Overview
- Script Center Interface Overview
- Automation Example: User Registration
- Automation Example: Data Scraping
- Automation Example: ServiceNow User Creation/Registration
- Automation Example: How to Create a Loop
- Automation Example: How to Create a Retry Loop
- Automation: Best Practices for Building a Script
- Automation: How to Lock Scripts
- Automation: How to Fetch Data
- Automation: How to Fetch Files
- Difference between ScriptVar, PageVar, and NodeVar
Integrations (Adapters)
- Building Adapters
- Integrations Overview
- Support Matrix
- Adapter Licensing
- Available Web Adapters
- Requesting a New Web Adapter
- Installing and Upgrading Adapters
- Deactivating Adapters
- Data Adapters and Data Connections
- Content Handling
- Authentication Handling
- Content Bundles
Custom Visualizations
- Custom Visualizations Overview and Prerequisites
- Generating a Custom Visualization
- Generating a Custom Visualization ZIP File
- Custom Visualization Files
- Installing Custom Visualization Extensions
- Custom Visualization Example
Data Management
- Using Oracle as an External Database
Other How-To-Guides
- Prevent role from running widget actions – custom actions for role
- Handling Paginated Web Data Sources
EnPortal / AppBoard
- Migrating From EnPortal / AppBoard
NGINX Load Balancer
- Configuring NGINX for SSL Termination
Database Authentication
- Microsoft SQL Server Authentication Database
- Oracle Authentication Database
- Oracle With Kerberos Authentication
Remediation to the Apache Commons Text Vulnerability
Displaying Current Time in JavaScript
How to Create Calendar Visualization
Using Custom JavaScript in the Request of Web Data Feed
How to Parse Raw JSON Data
How to Create Dashboard & Filter Data
How to Convert Timestamp String to Date
Remediation to the Apache Log4j Vulnerability
Robots.txt Support
How to Retrieve the Entitlement Report
SSL Exception – Troubleshooting
How to Generate HAR Files
Azure AD SAML SSO
EdgeCore SAML Setup
Installing DB (JDBC) Drivers
Application
Pipeline
- Pipeline Overview
- Notifications
- Satisfy Upstream Node Variables Wizard Step
- Pipeline Integrity Report
- Job Status
- Searching Pipeline by Tags
- Exporting and Restoring Pipeline Node Configuration
- Accessing Pipeline Data via API without Having Pipeline Access
Connections and Feeds
- edgeWeb Connections
- Data Feeds
- edgeData Connections
- Advanced Update Scheduling: CRON Scheduler
Transforms
- JavaScript Transform
- Transforms Overview
- Filter Transform
- SQL Transform
- For Each Transform
- Time Series Transform
- TreeMap Relational Model
- Topology Relational Model
- Flow Relational Model
Visualizations
- Visualizations Overview
- Animated Text
- Bullet Chart
- Chart
- Advanced Configuration Mode in Chart Visualizations
- 3D Chart Visualizations
- Chart Configuration Override
- Flow Diagram
- Gauge
- Heat Map
- HTML Template
- List
- Map: Icons
- Map: Regions
- Map: Tiles and Overlays
- Enabling OpenCycle in Maps
- Enabling OpenWeather in Maps
- Pie Chart
- Small Multiples
- Table
- Timeline
- Topology
- TreeMap
- Stacked Visualizations
- Micro Charts
- Dataset Threshold & Automatic Suggestion to Limit Data
- Multiple Selection
Pages
- Pages Overview
- Remaining in the Edit Mode When Navigating Pages
- Automatically Creating Pages
- Bookmarking Pages
- Selecting an Icon for a Page
- Setting the Padding between Visualizations
- Cloning Pages
- Highlighting the Current Page
- Page Variable Integrity Report
- Manage Pages
- Grid Layout
Actions
- Actions Overview
- Switch to Page
- Copy To Clipboard
- Show Record Details
- Launch URL
- Run Script
- Tooltip
- Show Visualization
- Set Page Variable Action
- Server Action
- JavaScript Action Example
- Web Data Action Example
- Disabling Action If Conditions Are Not Met
- Right-click Actions
- Creating Sub-Menus for Visualization Actions
Variables
- Overview
- Node Variables
- Page Variables
- Secured Variables
- System Variables
Variable Constraints
- String Constraints
- Numeric Constraints
- Realtime Constraints
- Overview
Client Filters
- Row Limit Filter
- String Constraint Filter
- Search Field
- Realtime Date Filter
- Date Range Slider
- Date Range Picker
- Client Pagination
- Custom Expression Filter
- Client Filters Overview
Rule Sets
- Advanced Rule Mode: JavaScript Rule Expression
- Overview
Renderers
- Color Renderer
- Icon Renderer
- Overview
- Date Renderer
- Gauge Renderer
- Number Renderer
- Text Renderer
Provisioning
- Domains
- Users
  - CyberArk PasswordVault Expressions
  - Users Overview
- Provisioning Overview
- Provision Defaults
- Setting a Landing Page
- Setting a Custom Breadcrumb Home Icon Link
- Roles
- Role-based Access and Security Permissions
- Security Policies
- Message Center
- Kiosk Mode
- Configuring Password Policy
- Configuring Preferences
- Configuring Credentials
- Configuring Secured Variables
Preferences
- Password Management
- Themes
- Preferences
Web Adapters
- Splunk Web Adapter
- Web & Data Adapters
Data Adapters
- Splunk REST API Integration Overview
- ServiceNow API Integration Overview
- Netcool HTTP API Overview
- Dynatrace REST API Overview
- AppDynamics API Integration Overview
- API Integration Example: SevOne
- Data Adapters Overview

Remediation to the Apache Commons Text Vulnerability

October 20, 2022

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. For more information, refer to this page.

edgeCore 4.3.x versions use Commons Text 1.8, whereas 4.4.x versions use Commons Text 1.9.

Take the following steps to replace the above-mentioned older Commons Text libraries with version 1.10.0:

Download commons-text-1.10.0.jar file.
Shutdown edgeCore.
Go to the lib folder of the your edgeCore build (edgeCoreInstallHome/tomcat/webapps/ROOT/WEB-INF/lib).
Delete the older commons-text-<version>.jar from this directory.
Move the downloaded jar file (version 1.10.0) to this directory.
Start edgeCore again.

Terms | Privacy