VertiGIS uses this page to provide centralized information about the critical vulnerability CVE-2022-42889, known as Text4Shell, disclosed on October 13, 2022, and its impact on UT for ArcGIS product family.
This article will be updated as new information becomes available.
- UT Integrator
The UT Integrator uses the affected Apache Commons text library. Tests with the current version 1.10 of the affected library, have not revealed any problems.
Extract the file commons-text-1.10.jar from the archive in the attachment and replace the file commons-text-1.x.jar in the directory [TOMCAT]/webapps/utpostserver/WEB-INF/lib. Afterwards restart the Tomcat.
Products not affected
Other products around UT for ArcGIS, including Plot and WMPS are not affected because they do not use Java or do not use the Apache Commons Text library.