Updated: Nov 22, 2022
Following a recently reported vulnerability (CVE-2022-42889), we have completed a thorough review of GeoTime applications and their dependencies. Your security is our top priority, and we would like to share the following updates:
Not materially affected by the vulnerability.
The GeoTime Desktop application does contain a vulnerable version of the Apache Commons Text library, however, after a thorough code review the vulnerable code path of the library is not used by our application. There is no way to use the exploit via GeoTime Desktop for malicious purposes.
To avoid seeing false positives in security scans on client machines, please consider:
GeoTime Desktop - License Utility (ULU) and License Server Application
GeoTime Web Applications
No known vulnerabilities.
The next version of GeoTime Desktop (6.5) will contain the updated library out of the box when it is released in the new year.
As part of our ongoing vulnerability management process, GeoTime will continue to monitor and implement additional remediation actions as appropriate to ensure GeoTime-owned systems are patched against all security issues, including those identified in CVE-2022-42889.