[CASSANDRA-16150] Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.0-beta3, 4.0
Component/s: Dependencies
Labels:
None

Bug Category:
Correctness
Severity:
Low
Complexity:
Low Hanging Fruit
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

4.0-beta1
Source Control Link:

https://github.com/apache/cassandra/commit/7648588b65a5801c1e8af026b6459cd65799eace
Test and Documentation Plan:

Hide

unit tests

Show
unit tests

Description

There have been critical level CVE (CVE-2017-18640) discovered in snakeyaml version earlier to 1.26. This has been patched into snakeyaml version 1.26.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18640

This card is expected to upgrade the snakeyaml version to 1.26.

Attachments

Issue Links

causes

CASSANDRA-16234 Update NetBeans project file for dependency changes since 11th Feb 2020

Resolved

links to

GitHub PR: trunk

Activity

People

Assignee:: Rahul Nandi

Reporter:: Rahul Nandi

Authors:: Rahul Nandi

Reviewers:: Alex Petrov, David Capwell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 30/Sep/20 05:02

Updated:: 16/Mar/22 14:14

Resolved:: 09/Oct/20 20:03

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m