CVE-2022-42889 our apps are not affected
Incident Report for TechTime Initiative Group
Resolved
This incident has been resolved.
Posted Aug 02, 2023 - 17:00 NZST
Update
EasySSO for Confluence has had the dependency removed as it was unused.

Version 4.6.8 has been released:

for Data Center: https://marketplace.atlassian.com/download/apps/1212583/version/4006008000
for Server: https://marketplace.atlassian.com/download/apps/1212583/version/4006008005
Posted Oct 29, 2022 - 14:11 NZDT
Identified
TechTime apps are not affected by CVE-2022-42889 (https://nvd.nist.gov/vuln/detail/CVE-2022-42889)

We do have this library in some apps as a dependency, but are not using the vulnerable method identified in the advisory.

To avoid the possibility of the library being used as an attack vector, we will release versions with the updated library immediately.
Posted Oct 28, 2022 - 11:53 NZDT
This incident affected: TechTime Server Apps (EasySSO for Confluence Server, GoogleMaps Embed macro for Confluence Server) and TechTime Data Center Apps (EasySSO for Confluence Data Center, GoogleMaps Embed macro for Confluence Data Center).