[HADOOP-18443] Upgrade snakeyaml to 1.32 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.3, 3.3.4
Fix Version/s: 3.4.0, 3.3.5, 3.2.5
Component/s: security
Labels:
- pull-request-available

Target Version/s:

3.4.0, 3.3.5
Hadoop Flags:

Reviewed

Description

Upgrade snakeyaml to 1.32 to mitigate CVE-2022-25857 and CVE-2022-38752

Attachments

Issue Links

is related to

HADOOP-18472 Upgrade to snakeyaml 1.33

Resolved

links to

GitHub Pull Request #4856

GitHub Pull Request #4873

GitHub Pull Request #4874

GitHub Pull Request #4906

Activity

People

Assignee:: Ashutosh Gupta

Reporter:: Ashutosh Gupta

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 05/Sep/22 17:24

Updated:: 28/Jan/24 00:10

Resolved:: 25/Sep/22 14:51