eccenca · msaipraneeth · Jan 27, 2026 · Jan 7, 2026 · Jan 8, 2026 · Jan 23, 2026
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v8.2.0
+_commit: v8.3.0
 _src_path: gh:eccenca/cmem-plugin-template
 author_mail: cmempy-developer@eccenca.com
 author_name: eccenca GmbH

diff --git a/.idea/cmem-plugin-reason.iml b/.idea/cmem-plugin-reason.iml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,8 +7,14 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 ## [Unreleased]
 
-TODO: add at least one Added, Changed, Deprecated, Removed, Fixed or Security section
+### Fixed
+
+- Fix robot.jar vulnerability CVE-2026-1225
+
+### Changed
 
+- Update template to 8.3.0.
+- Allow urn URIs in graph parameters.
 
 ## [2.2.1] 2025-11-27
 

diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -51,7 +51,7 @@ tasks:
       Check poetry versioning plugin. Currently not under Windows
     run: once
     preconditions:
-      - sh: '[ -d .git ]'
+      - sh: git -C . rev-parse
         msg: >
           Your newly created project directory needs to be initialized
           as a git repository.

diff --git a/cmem_plugin_reason/plugin_reason.py b/cmem_plugin_reason/plugin_reason.py
@@ -6,7 +6,6 @@
 from tempfile import TemporaryDirectory
 from uuid import uuid4
 
-import validators.url
 from cmem.cmempy.dp.proxy.graph import get, get_graph_import_tree, get_graphs_list
 from cmem.cmempy.dp.proxy.update import post
 from cmem_plugin_base.dataintegration.context import ExecutionContext, ExecutionReport
@@ -33,6 +32,7 @@
     create_xml_catalog_file,
     get_file_with_datetime,
     get_output_graph_label,
+    is_valid_uri,
     post_profiles,
     post_provenance,
     robot,
@@ -342,11 +342,11 @@ def __init__(  # noqa: PLR0913 C901
             "ObjectPropertyDomain": object_property_domain,
         }
         errors = ""
-        if not validators.url(data_graph_iri):
+        if not is_valid_uri(data_graph_iri):
             errors += 'Invalid IRI for parameter "Data graph IRI". '
-        if not validators.url(ontology_graph_iri):
+        if not is_valid_uri(ontology_graph_iri):
             errors += 'Invalid IRI for parameter "Ontology graph IRI". '
-        if not validators.url(output_graph_iri):
+        if not is_valid_uri(output_graph_iri):
             errors += 'Invalid IRI for parameter "Result graph IRI". '
         if output_graph_iri == data_graph_iri:
             errors += "Result graph IRI cannot be the same as the data graph IRI. "

diff --git a/cmem_plugin_reason/plugin_validate.py b/cmem_plugin_reason/plugin_validate.py
@@ -6,7 +6,6 @@
 from tempfile import TemporaryDirectory
 from uuid import uuid4
 
-import validators.url
 from cmem.cmempy.dp.proxy.graph import get, get_graph_import_tree, get_graphs_list
 from cmem.cmempy.workspace.projects.resources.resource import create_resource
 from cmem_plugin_base.dataintegration.context import ExecutionContext, ExecutionReport
@@ -33,6 +32,7 @@
     create_xml_catalog_file,
     get_file_with_datetime,
     get_output_graph_label,
+    is_valid_uri,
     post_profiles,
     post_provenance,
     robot,
@@ -130,9 +130,9 @@ def __init__(  # noqa: PLR0912 PLR0913 C901
         max_ram_percentage: int = MAX_RAM_PERCENTAGE_DEFAULT,
     ) -> None:
         errors = ""
-        if not validators.url(ontology_graph_iri):
+        if not is_valid_uri(ontology_graph_iri):
             errors += 'Invalid IRI for parameter "Ontology graph IRI." '
-        if output_graph_iri and not validators.url(output_graph_iri):
+        if output_graph_iri and not is_valid_uri(output_graph_iri):
             errors += 'Invalid IRI for parameter "Output graph IRI". '
         if output_graph_iri and output_graph_iri == ontology_graph_iri:
             errors += "Output graph IRI cannot be the same as the Ontology graph IRI. "

diff --git a/cmem_plugin_reason/robot.jar b/cmem_plugin_reason/robot.jar
diff --git a/cmem_plugin_reason/utils.py b/cmem_plugin_reason/utils.py
@@ -6,11 +6,13 @@
 from datetime import UTC, datetime
 from io import BytesIO
 from pathlib import Path
+from re import IGNORECASE, match
 from secrets import token_hex
 from subprocess import CompletedProcess, run
 from time import time
 from xml.etree.ElementTree import Element, SubElement, tostring
 
+import validators.url
 from cmem.cmempy.dp.proxy.graph import get_graphs_list, post_streamed
 from cmem.cmempy.dp.proxy.sparql import post as post_select
 from cmem.cmempy.dp.proxy.update import post as post_update
@@ -265,3 +267,11 @@ def cancel_workflow(plugin: WorkflowPlugin) -> bool:
         plugin.context.report.update(ExecutionReport(entity_count=0, operation_desc="(cancelled)"))
         return True
     return False
+
+
+def is_valid_uri(uri: str | None) -> bool:
+    """Validate URI"""
+    if not isinstance(uri, str):
+        return False
+    urn_pattern = r"^urn:[a-zA-Z0-9][a-zA-Z0-9-]{1,31}:.+$"
+    return validators.url(uri) is True or bool(match(urn_pattern, uri, IGNORECASE))