Owlready2 Pellet Jena Vulnerability

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Owlready2 Pellet Jena Vulnerability

devdevdevdev
Owlready2 Uses Pellet for Reasoning which is internally dependent on Apache Jena.
Jena jars are not upgraded and have vulnerabilities
Below are the list of Vulnerabilities identified in the owlready2 Package

https://nvd.nist.gov/vuln/detail/CVE-2021-39239
https://nvd.nist.gov/vuln/detail/CVE-2021-39239
Reply | Threaded
Open this post in threaded view
|

Re: Owlready2 Pellet Jena Vulnerability

Jiba
Administrator
Hello,

Pellet is 10 year old and is now unmaintained. I tried to update Jena, but there are too many incompatible changes in recent versions and it is beyond my skills.

You can either continue using Pellet despite the vulnerabilities, or you can remove pellet from Owlready (you can just delete the pellet/ directory) to get the rid of the vulnerabilities if you do not need Pellet.

Jiba