[
https://issues.apache.org/jira/browse/OPENNLP-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17060840#comment-17060840
]
ASF GitHub Bot commented on OPENNLP-1300:
-----------------------------------------
jzonthemtn commented on pull request #372: OPENNLP-1300: Upgrading UIMA
dependency.
URL: https://github.com/apache/opennlp/pull/372
----------------------------------------------------------------
> Some dependencies contain CVEs
> ------------------------------
>
> Key: OPENNLP-1300
> URL: https://issues.apache.org/jira/browse/OPENNLP-1300
> Project: OpenNLP
> Issue Type: Dependency upgrade
> Reporter: XuCongying
> Assignee: Jeffrey T. Zemerick
> Priority: Major
>
> Hi, I noticed that your project is using vulnerable libraries which are
> related to some CVEs. To prevent potential security risks it may cause, I
> suggest updating the library dependency. Here are the details:
>
> Vulnerable Library Version: org.apache.uima : uimaj-core : 2.3.1
> CVE ID: [CVE-2017-15691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15691)
> Import Path: opennlp-uima/pom.xml
> Suggested Safe Versions: 2.10.2, 2.10.3, 2.10.4, 3.0.0, 3.0.0-beta, 3.0.1,
> 3.0.2, 3.1.0, 3.1.1