bdeboe opened a new issue, #289: URL: https://github.com/apache/uima-uimaj/issues/289
Reposting [UIMA-6486](https://issues.apache.org/jira/browse/UIMA-6486) (JIRA is no longer used) > Hi, > > we distribute a custom annotator built on UIMA v2, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term bandwidth to upgrade our library to v3, and more critically some of our customers have other pipelines still running on v2 that they may not be able to migrate to v3 any time soon. > > Are there any plans to deliver a new v2.11 bugfix release that addresses this vulnerability? > > Thanks! It appears to have been addressed for the main v3 branch through PRs #209 and #211 @reckart already responded v2 is no longer maintained. While I think I should be able to pick up the required changes and move them to `main-v2`, but not sure how much further I'd be able to take that. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@uima.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
