[UIMA-6486] Fix for FileUtil vulnerability in UIMA 2.*? - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Abandoned
Affects Version/s: 2.11.0SDK
Fix Version/s: None
Component/s: None
Labels:
None

Description

Hi,

we distribute a custom annotator built on UIMA v2, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term bandwidth to upgrade our library to v3, and more critically some of our customers have other pipelines still running on v2 that they may not be able to migrate to v3 any time soon.

Are there any plans to deliver a new v2.11 bugfix release that addresses this vulnerability?

Thanks!

Attachments

Activity

People

Assignee:: Richard Eckart de Castilho

Reporter:: Benjamin De Boe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jan/23 12:23

Updated:: 23/Jan/23 12:31

Resolved:: 23/Jan/23 12:31