[
https://issues.apache.org/jira/browse/OPENNLP-1820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18095874#comment-18095874
]
Richard Zowalla edited comment on OPENNLP-1820 at 7/13/26 12:06 PM:
--------------------------------------------------------------------
The CVE record is up 2 date and contains the new version. 3rd party use (like
on mvnrepository) is out of control. It explicitly states *before 1.9.5*
was (Author: rzo1):
The CVE record is up 2 date and contains the new version. 3rd party use (like
on mvnrepository) is out of control.
> Restrict ExtensionLoader to allowlisted package prefixes
> --------------------------------------------------------
>
> Key: OPENNLP-1820
> URL: https://issues.apache.org/jira/browse/OPENNLP-1820
> Project: OpenNLP
> Issue Type: Bug
> Affects Versions: 2.5.8, 3.0.0-M1, 3.0.0-M2
> Reporter: Martin Wiesner
> Assignee: Richard Zowalla
> Priority: Minor
> Fix For: 1.9.5, 2.5.9, 3.0.0-M3
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)