Apache Commons Text CVE-2022-42889

it seems that StringSubstitutor is used in several places in the CUBA Framework.
Will there it be a patch Release (as it has been with Jmix) updating the Apache Commons Text to 1.10.0?

Thank you

We plan to publish a patch release with dependencies update in a few weeks. The issue for dependencies update: Update dependencies · Issue #3282 · cuba-platform/cuba · GitHub