Merge pull request #15588 from zzzeebra/fix/security-scan-108009

Fixed CVE-2026-40682, CVE-2026-42027
4 weeks ago · 44ca83b975
1 changed files with 6 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -141,6 +141,7 @@
        <antisamy.version>1.7.5</antisamy.version>
        <snmp4j.version>3.8.0</snmp4j.version>
        <langchain4j.version>1.8.0-TB</langchain4j.version>
+        <opennlp-tools.version>2.5.9</opennlp-tools.version> <!-- to fix CVE-2026-40682, CVE-2026-42027 in transitive dep via langchain4j-bom (which still pins 2.5.4). TODO: remove when langchain4j fork ships opennlp-tools >= 2.5.9 -->
        <error_prone_annotations.version>2.38.0</error_prone_annotations.version>
        <animal-sniffer-annotations.version>1.24</animal-sniffer-annotations.version>
        <auto-value-annotations.version>1.11.0</auto-value-annotations.version>
@ -1347,6 +1348,11 @@
                <artifactId>postgresql</artifactId>
                <version>${postgresql.version}</version>
            </dependency>
+            <dependency>
+                <groupId>org.apache.opennlp</groupId>
+                <artifactId>opennlp-tools</artifactId>
+                <version>${opennlp-tools.version}</version>
+            </dependency>
            <dependency>
                <groupId>commons-io</groupId>
                <artifactId>commons-io</artifactId>