0.21.0
Breaking Changes📦 unstructuredView on GitHub →
⚠ 1 breaking✨ 1 features🐛 1 fixes🔧 2 symbols
Summary
Version 0.21.0 replaces the vulnerable NLTK dependency with spaCy to fix a critical RCE vulnerability (CVE-2025-14009) in the downloader mechanism.
⚠️ Breaking Changes
- The dependency on NLTK has been removed. Any code relying on NLTK's downloader or specific NLTK data structures will need to be updated to use spaCy equivalents.
Migration Steps
- Update code to use spaCy models and APIs instead of NLTK components.
- Remove any explicit dependency management or calls related to NLTK data downloading.
✨ New Features
- Replaced NLTK dependency with spaCy for NLP tasks.
🐛 Bug Fixes
- Remediated CVE-2025-14009 by replacing NLTK, which used vulnerable zipfile.extractall() in its downloader, with spaCy models installed via pip.