I’ve been looking around your announcements / blogs and couldn’t find a related message, so apologies if I’ve missed it. Can you provide any info on if you are using the vulnerable Apache Commons Text Vulnerability library?
If so are there any mitigations we need to take?
Once alerted to CVE-2022-42889, the Apache Commons Text Vulnerability, Okta Engineering and Security conducted an investigation and confirmed that the Okta service is not currently impacted. This includes the Auth0 service.