CVE-2022-42889 in latest version

[jaydeepkhandelwal]

Describe the bug
commons-text (>= 1.5 and <= 1.9) has been flagged by CVE-2022-42889. It affects graphql-spring-boot as its latest version still contains vulnerable version of commons-text (1.9).

To Reproduce
https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Expected behavior
Upgrade commons-text to 1.10.0 or greater.

[steam0]

When will dere be a bugfix release of this package that resolves this bug? Is there a realase in the works, or will this take a long time?

[aembleton]

Looks like a fix has been made but a release hasn't been created here: 69dade8

It would be good to make point releases with this fix for older versions such as 12.0.0 so that a major upgrade doesn't need to take place.

[oliemansm]

Just published release 14.1.0: https://github.com/graphql-java-kickstart/graphql-spring-boot/releases/tag/v14.1.0.

Will check if I can setup a pipeline to release a fix for 12.0.0. Although upgrading from v12.0.0 to the latest shouldn't really cause any major issues.