wso2, wso2-api-manager

Is WSO2 APIM 4.2.0 compliant with Security Advisory WSO2-2021-1738?


We are currently evaluating WSO2 APIM 4.2.0. We would like to know whether version 4.2.0 is compliant with the vulnerability reported in Security Advisory WSO2-2021-1738 (https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1738/).

Thanks for your support


Solution

  • Yes, this issue is fixed in APIM 4.2.0. The vulnerability mentioned above is present only up to APIM version 4.0.0. Versions above 4.0.0 include this fix.

    If you need more details, you can check the relevant fixes available in the 4.2.0-related branches for further clarification. For example, fix [1] is available in component [2], and fix [3] is available in component [4]. (These are the component versions included in APIM 4.2.0.)

    [1] https://github.com/wso2/carbon-kernel/pull/3152

    [2] https://github.com/wso2/carbon-kernel/tree/v4.8.1

    [3] https://github.com/wso2/carbon-identity-framework/pull/3864

    [4] https://github.com/wso2/carbon-identity-framework/tree/v5.24.8