[ 
https://issues.apache.org/jira/browse/OPENNLP-1820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18095874#comment-18095874
 ] 

Richard Zowalla commented on OPENNLP-1820:
------------------------------------------

The CVE record is up 2 date and contains the new version. 3rd party use (like 
on mvnrepository) is out of control.

> Restrict ExtensionLoader to allowlisted package prefixes
> --------------------------------------------------------
>
>                 Key: OPENNLP-1820
>                 URL: https://issues.apache.org/jira/browse/OPENNLP-1820
>             Project: OpenNLP
>          Issue Type: Bug
>    Affects Versions: 2.5.8, 3.0.0-M1, 3.0.0-M2
>            Reporter: Martin Wiesner
>            Assignee: Richard Zowalla
>            Priority: Minor
>             Fix For: 1.9.5, 2.5.9, 3.0.0-M3
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to