Benjamin De Boe created UIMA-6486:
-------------------------------------
Summary: Fix for FileUtil vulnerability in UIMA 2.*?
Key: UIMA-6486
URL: https://issues.apache.org/jira/browse/UIMA-6486
Project: UIMA
Issue Type: Bug
Affects Versions: 2.11.0SDK
Reporter: Benjamin De Boe
Hi,
we distribute a custom annotator built on UIMA v2, which is affected by
https://nvd.nist.gov/vuln/detail/CVE-2022-32287. We do not have any near-term
bandwidth to upgrade our library to v3, and more critically some of our
customers have other pipelines still running on v2 that they may not be able to
migrate to v3 any time soon.
Are there any plans to deliver a new v2.11 bugfix release that addresses this
vulnerability?
Thanks!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
