Is QuerySurge affected by the Text4Shell vulnerability (CVE-2022-42889)?
Various QuerySurge components use Apache Commons Text, however none of them use the API that is affected by this vulnerability. Therefore, QuerySurge should not be vulnerable to CVE-2022-42889.
Out of an abundance of caution, QuerySurge will update to Apache Commons Text version 1.10.0 in the QuerySurge 10.3.x release.