Cassandra / CASSANDRA-18672

Bump snakeyaml from 1.26 to 2.0

Details

    • New Feature
    • Status: Resolved
    • Normal
    • Resolution: Duplicate
    • None
    • None
    • None
    • All
    • None

    Description

      snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0

      To see the CVEs, go to https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0 and search for org.yaml » snakeyaml under compile dependencies. Vulnerabilities are listed thusly:

      Direct vulnerabilities:
      CVE-2022-41854
      CVE-2022-38752
      CVE-2022-38751
      View 4 more ...
      Vulnerabilities from dependencies:
      CVE-2022-22971
      CVE-2022-22970
      CVE-2022-22968

      GitHub Issue:

      https://github.com/apache/cassandra/pull/2455

            People

              Assignee: Unassigned
              Reporter: Dinuth De Zoysa (mdinuth)