  1. Cassandra
  2. CASSANDRA-18340

Bump snakeyaml from 1.26 to 2.0

Details

    • New Feature
    • Status: Resolved
    • Normal
    • Resolution: Duplicate

    Description

      snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0

      To see the CVEs, go to https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0 and search for org.yaml » snakeyaml under compile dependencies. Vulnerabilities are listed thusly:

       

      Direct vulnerabilities:
      CVE-2022-41854
      CVE-2022-38752
      CVE-2022-38751
      View 4 more ...
      Vulnerabilities from dependencies:
      CVE-2022-22971
      CVE-2022-22970
      CVE-2022-22968

      .............

            People

              bipinprasad Bipin Prasad
              Votes: 0
              Watchers: 4

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 2h 50m