Request to upgrade apache commons dependency in next ema release

Our application is using the com.refinitiv.ema 3.7.2.0 dependency, which is bundled with Apache commons-configuration2 v2.8.0, which in turn has a dependency on Apache commons-text v1.9.0. This commons-text v1.9.0 dependency has been flagged as vulnerable by the IT department in my company.

I would like to kindly request that Apache commons-configuration2 be upgraded to v2.9.0 and included in the next Refinitiv EMA dependency release. May I know when this upgrade can be done and made available on the Maven repository?

Thanks.

Best Regards,

Vikneshh

Best Answer

  • Jirapongse (admin), Answer ✓

    @vikneshh

    Thank you for reaching out to us.

    I checked the apache commons dependencies in the RTSDK-2.1.2.L1 or EMA/ETA 3.7.2.L1 release and the dependencies are:

    [Image: 1696498965912.png]

    It uses commons-text-1.10.0.jar.

    If you are an RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team directly via Contact Premium Support. Otherwise, you can submit this request via GitHub.

Answers

  • Hi Jirapongse,

    In order to import RTSDK-2.1.2.L1 into my spring boot application, do I need to import each individual ema, eta and apache dependencies like (ema 3.7.2.0, commons-text-1.10.0 etc) found in the RTSDK-2.1.2.L1.jav.rrg.zip folder?

    Or is there a specific maven dependency which encompasses the dependencies found in RTSDK-2.1.2.L1 that can be added to my application?

    Is EMA/ETA 3.7.2.L1 release the same as RTSDK-2.1.2.L1 release?


    Best Regards,

    Vikneshh

  • @vikneshh

    Yes, RTSDK-2.1.2.L1 is EMA/ETA 3.7.2.L1.

    Correct, you need to import dependencies to the project.

    I checked EMA 3.7.2 in Maven (https://mvnrepository.com/artifact/com.refinitiv.ema/ema/3.7.2.0). It depends on commons-configuration2:2.9.0 and commons-configuration2:2.9.0 depends on commons-text:1.10.0.

    [Image: 1696502684138.png]


  • Hi Jirapongse,

    Actually EMA 3.7.2 in Maven is currently using apache commons configuration2 v2.8.0 while it is stated that apache commons v2.9.0 is the latest update to this dependency.

    May I know if Refinitiv would be upgrading apache commons configuration2 dependency to v2.9.0 in the next ema release 3.7.3.0? Also roughly when is ema 3.7.3.0 due to be released?

    Thanks.

    Best Regards,

    Vikneshh

  • @vikneshh

    Thank you for the update.

    If you are an RDC (Refinitiv Developer Connect) contact, you can submit this request to the API support team via Contact Premium Support.

    Otherwise, you can post this issue on GitHub.
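
The posts above report different versions for the same transitive dependency, so one way to see what a given build actually resolves is to scan the output of `mvn dependency:tree`. This is an added example, not code from the thread or from Refinitiv; the sample tree and the `demo-app` coordinates are constructed, and the 1.10.0 threshold is the commons-text version named in the accepted answer.

```python
import re

# Constructed sample in the format printed by `mvn dependency:tree`. The app
# coordinates and resolved versions are illustrative, not taken from a real build.
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:0.0.1
[INFO] +- com.refinitiv.ema:ema:jar:3.7.2.0:compile
[INFO] |  +- org.apache.commons:commons-configuration2:jar:2.8.0:compile
[INFO] |  |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  |  \\- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] \\- org.springframework.boot:spring-boot-starter:jar:2.7.5:compile
[INFO] BUILD SUCCESS
"""

# Tree-drawing prefix (3 characters per level), then
# group:artifact:type[:classifier]:version[:scope]
NODE = re.compile(r"^\[INFO\] (?P<prefix>[ |+\\-]*)(?P<coord>[\w.-]+(?::[\w.-]+){3,5})(?:\s.*)?$")

def find_artifact(tree_text, group, artifact):
    """Return (version, path-from-root) for every place the artifact appears."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, summary and warning lines are not tree nodes
        depth = len(m.group("prefix")) // 3
        parts = m.group("coord").split(":")
        version = parts[-2] if len(parts) >= 5 else parts[-1]  # root line has no scope
        del stack[depth:]  # drop siblings and deeper nodes from the previous branch
        stack.append(f"{parts[1]}:{version}")
        if (parts[0], parts[1]) == (group, artifact):
            hits.append((version, list(stack)))
    return hits

def version_key(version):
    """Numeric sort key so that 1.9 orders before 1.10.0 (a string compare would not)."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def below_minimum(tree_text, group, artifact, minimum):
    """List occurrences whose resolved version is lower than `minimum`."""
    return [(v, " -> ".join(path)) for v, path in find_artifact(tree_text, group, artifact)
            if version_key(v) < version_key(minimum)]

if __name__ == "__main__":
    # 1.10.0 is the commons-text version the accepted answer reports for EMA/ETA 3.7.2.L1.
    for version, path in below_minimum(SAMPLE_TREE, "org.apache.commons", "commons-text", "1.10.0"):
        print(f"commons-text {version} resolved via {path}")
```

Feeding it the real output of `mvn dependency:tree` from the application's own project shows which parent pulls in commons-text and at what version, which is the detail to attach to a support or GitHub request.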