Details
Description
- https://github.com/advisories/GHSA-mjmj-j48q-9wg2
- I don't think this needs to go in v3.3.5 - since this CVE affects part of snakeyaml that hadoop doesn't use
Attachments
Issue Links
- is duplicated by
-
HADOOP-18719 upgrade snakeyaml to 2.0 (fixes CVE-2022-1471)
- Resolved
- is related to
-
HADOOP-18472 Upgrade to snakeyaml 1.33
- Resolved
- relates to
-
YARN-11535 Remove jackson-dataformat-yaml dependency
- Resolved
- links to