You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Benjamin De Boe (Jira)" <de...@uima.apache.org> on 2023/01/23 12:24:00 UTC

[jira] [Created] (UIMA-6486) Fix for FileUtil vulnerability in UIMA 2.*?

Benjamin De Boe created UIMA-6486:
-------------------------------------

             Summary: Fix for FileUtil vulnerability in UIMA 2.*?
                 Key: UIMA-6486
                 URL: https://issues.apache.org/jira/browse/UIMA-6486
             Project: UIMA
          Issue Type: Bug
    Affects Versions: 2.11.0SDK
            Reporter: Benjamin De Boe


Hi, 

we distribute a custom annotator built on UIMA v2, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term bandwidth to upgrade our library to v3, and more critically some of our customers have other pipelines still running on v2 that they may not be able to migrate to v3 any time soon.

Are there any plans to deliver a new v2.11 bugfix release that addresses this vulnerability?

Thanks!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)