[ https://issues.apache.org/jira/browse/UIMA-6486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17679776#comment-17679776 ]
Richard Eckart de Castilho commented on UIMA-6486:
--------------------------------------------------

There are no plans to release any new versions of the 2.x line. We have even removed references to v2 from the website recently - it is no longer supported.

The suggested course of action is to upgrade to v3.

Alternatively, you can fix the issue yourself and perform an internal release. Or you could become a contributor, fix v2 and propose to prepare a new release yourself. New contributors are always welcome.

We also do not use Jira anymore. Please open issues in the GitHub issue tracker: https://github.com/apache/uima-uimaj/issues/new/choose

> Fix for FileUtil vulnerability in UIMA 2.*?
> -------------------------------------------
>
>                 Key: UIMA-6486
>                 URL: https://issues.apache.org/jira/browse/UIMA-6486
>             Project: UIMA
>          Issue Type: Bug
>   Affects Versions: 2.11.0SDK
>            Reporter: Benjamin De Boe
>            Priority: Major
>
> Hi,
> we distribute a custom annotator built on UIMA v2, which is affected by
> https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term
> bandwidth to upgrade our library to v3, and more critically some of our
> customers have other pipelines still running on v2 that they may not be able
> to migrate to v3 any time soon.
> Are there any plans to deliver a new v2.11 bugfix release that addresses this
> vulnerability?
> Thanks!

--
This message was sent by Atlassian Jira
(v8.20.10#820010)