[OPENNLP-1300] Some dependencies contain CVEs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.9.3
Component/s: None
Labels:
None

Description

Hi, I noticed that your project are using vulnerable libraries which are related to some CVEs. To prevent potential security risks it may cause, I suggest to update the library dependency. Here is the details:

Vulnerable Library Version: org.apache.uima : uimaj-core : 2.3.1
CVE ID: [CVE-2017-15691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15691)
Import Path: opennlp-uima/pom.xml
Suggested Safe Versions: 2.10.2, 2.10.3, 2.10.4, 3.0.0, 3.0.0-beta, 3.0.1, 3.0.2, 3.1.0, 3.1.1

Attachments

Issue Links

links to

GitHub Pull Request #372

Activity

People

Assignee:: Jeff Zemerick

Reporter:: XuCongying

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/Mar/20 13:26

Updated:: 02/Jun/20 14:31

Resolved:: 02/Jun/20 14:31