[CASSANDRA-18340] Bump snakeyaml from 1.26 to 2.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Normal
Resolution: Duplicate
Fix Version/s: None
Component/s: None
Labels:
None

Platform:

All
Impacts:

None

Description

snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0

To see the CVEs, goto https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0 and seach for org.yaml » snakeyaml under compile dependencies.Vulnerabilites are listed thusly:

Direct vulnerabilities:
CVE-2022-41854
CVE-2022-38752
CVE-2022-38751
View 4 more ...
Vulnerabilities from dependencies:
CVE-2022-22971
CVE-2022-22970
CVE-2022-22968

.............

Attachments

Issue Links

duplicates

CASSANDRA-18083 snakeyaml-1.26.jar: CVE-2022-41854

Resolved

is duplicated by

CASSANDRA-18672 Bump snakeyaml from 1.26 to 2.0

Resolved

links to

GitHub Pull Request #2224

GitHub Pull Request #2455

Activity

People

Assignee:: Bipin Prasad

Reporter:: Bipin Prasad

Authors:: Bipin Prasad

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 16/Mar/23 19:09

Updated:: 17/Jul/23 15:07

Resolved:: 16/Mar/23 19:38

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

2h 50m