XuCongying created OPENNLP-1300:
-----------------------------------
Summary: Some dependencies contain CVEs
Key: OPENNLP-1300
URL: https://issues.apache.org/jira/browse/OPENNLP-1300
Project: OpenNLP
Issue Type: Dependency upgrade
Reporter: XuCongying
Hi, I noticed that your project are using vulnerable libraries which are
related to some CVEs. To prevent potential security risks it may cause, I
suggest to update the library dependency. Here is the details:
Vulnerable Library Version: org.apache.uima : uimaj-core : 2.3.1
CVE ID:
[CVE-2017-15691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15691)
Import Path: opennlp-uima/pom.xml
Suggested Safe Versions: 2.10.2, 2.10.3, 2.10.4, 3.0.0, 3.0.0-beta, 3.0.1,
3.0.2, 3.1.0, 3.1.1
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
