Genesys Cloud - Developer Community!

 View Only

Sign Up

  • 1.  Vulnerability CVE-2022-41404 in Platform SDK

    Posted 08-08-2025 14:42

    Greetings!

    For some time now, CVE-2022-41404 has been getting flagged by our security scans in the Platform SDK's "ini4j" dependency.  I see it still in the latest release (v229).

    The "ini4j" library hasn't been updated since 2015 so I'm expecting it may not get updated and I'm guessing Genesys might just move away from that library all together.

    What is Genesys' assessment of this vulnerability?  Is there a plan and schedule to address this in the Platform SDK?

    Thanks!

    Cheers!


    #PlatformSDK

    ------------------------------
    Richard Warsnak
    ------------------------------


  • 2.  RE: Vulnerability CVE-2022-41404 in Platform SDK

    Posted 08-11-2025 09:41

    Hello,

    The Java SDK is not leveraging the ini4j fetch method to read and retrieve properties from the configuration INI file. So it is not affected by this issue.

    The "ini4j" library hasn't been updated since 2015 so I'm expecting it may not get updated and I'm guessing Genesys might just move away from that library all together.

    It happens we have a task in progress to replace this dependency on ini4j with org.apache.commons/commons-configuration2

    We'll try to issue a developer announcement this week or next (with pre-release source code/build), and get the SDK updated (likely a month after the announcement to let customers make necessary changes or tests).

    Regards,



    ------------------------------
    Jerome Saint-Marc
    Senior Development Support Engineer
    ------------------------------

    Original Message


Related Content