[
https://issues.apache.org/jira/browse/UIMA-6486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17679777#comment-17679777
]
Benjamin De Boe commented on UIMA-6486:
---------------------------------------
It seems this was addressed for v3.3.* through UIMA-6469 (well, that's a
half-educated guess)
> Fix for FileUtil vulnerability in UIMA 2.*?
> -------------------------------------------
>
> Key: UIMA-6486
> URL: https://issues.apache.org/jira/browse/UIMA-6486
> Project: UIMA
> Issue Type: Bug
> Affects Versions: 2.11.0SDK
> Reporter: Benjamin De Boe
> Priority: Major
>
> Hi,
> we distribute a custom annotator built on UIMA v2, which is affected by
> https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term
> bandwidth to upgrade our library to v3, and more critically some of our
> customers have other pipelines still running on v2 that they may not be able
> to migrate to v3 any time soon.
> Are there any plans to deliver a new v2.11 bugfix release that addresses this
> vulnerability?
> Thanks!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
