Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-16150

Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • 4.0-beta3, 4.0
    • Dependencies
    • None

    Description

      There have been critical level CVE (CVE-2017-18640) discovered in snakeyaml version earlier to 1.26. This has been patched into snakeyaml version 1.26.

      Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18640

      This card is expected to upgrade the snakeyaml version to 1.26.

      Attachments

        Issue Links

          Activity

            People

              crazylab Rahul Nandi
              crazylab Rahul Nandi
              Rahul Nandi
              Alex Petrov, David Capwell
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m