Apache commons-text security issues

24 views
Skip to first unread message

Mirza Hadžič

unread,
Jul 14, 2026, 10:45:21 AM (yesterday) Jul 14
to GWT Users
Hello,

note that commons-text 1.9 used in gwt-user is having security issues,
so please upgrade this library to newer version if possible. This jar is
used by net.sourceforge.htmlunit library.

Cheers,

Mirza

Colin Alworth

unread,
Jul 14, 2026, 11:48:18 AM (yesterday) Jul 14
to GWT Users
Thanks for calling this out - however, the gwt-user dependency should never be on your runtime classpath, but only used when you compile/test/debug code for your project, so the scope her is limited.

Oddly, the non-maven build of GWT doesn't appear to include commons-text, I wonder if that is an oversight of the ant build, or if the dependency can simply be excluded.

Leon Pennings

unread,
1:28 AM (15 hours ago) 1:28 AM
to GWT Users
Hi Mirza,

this is not a production jar as Colin pointed out. 
So if you are using the owasp plugin to find these, you can safely add this library to the owasp exclusions list - or setup you plugin/project so that you only scan libraries used in your deployable product. 

rg,

Leon.

Reply all
Reply to author
Forward
0 new messages