top of page

Apache Commons Text Vulnerability — What you Need to Know

Updated: Nov 22, 2022

Following a recently reported vulnerability (CVE-2022-42889), we have completed a thorough review of GeoTime applications and their dependencies. Your security is our top priority, and we would like to share the following updates:

GeoTime Desktop

​Not materially affected by the vulnerability.

The GeoTime Desktop application does contain a vulnerable version of the Apache Commons Text library, however, after a thorough code review the vulnerable code path of the library is not used by our application. There is no way to use the exploit via GeoTime Desktop for malicious purposes.

To avoid seeing false positives in security scans on client machines, please consider:

  • Replacing Apache Commons Text (up to version 1.9) with the latest version (v.1.10.0) linked here. Admin rights are required.

  • Email for detailed steps

GeoTime Desktop - License Utility (ULU) and License Server Application

​No known vulnerabilities.

For more information, click here.

GeoTime Web Applications

  • GeoTime Enterprise

  • GeoTime Glimpse

  • GeoTime Live

​No known vulnerabilities.

What’s Next?

The next version of GeoTime Desktop (6.5) will contain the updated library out of the box when it is released in the new year.

As part of our ongoing vulnerability management process, GeoTime will continue to monitor and implement additional remediation actions as appropriate to ensure GeoTime-owned systems are patched against all security issues, including those identified in CVE-2022-42889.



bottom of page