[atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)

nixon Tue, 15 Sep 2020 01:35:42 -0700

This is an automated email from the ASF dual-hosted git repository.

nixon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git



The following commit(s) were added to refs/heads/master by this push:
     new d555c02  ATLAS-3940 : Upgrade snakeyaml to a version without 
CVE-2017-18640 (#110)
d555c02 is described below

commit d555c02ba283312e2d9b014b5d68a17da3661525
Author: Rahul Nandi <[email protected]>
AuthorDate: Tue Sep 15 14:04:51 2020 +0530

    ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)
---
 pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pom.xml b/pom.xml
index a8d0fd0..6b5d2fd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1665,6 +1665,13 @@
                 <artifactId>zkclient</artifactId>
                 <version>${zkclient.version}</version>
             </dependency>
+          
+          <!-- Fix for cassandra-all tranitive dependency CVE-2017-18640 : 
https://nvd.nist.gov/vuln/detail/CVE-2017-18640 -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>1.26</version>
+            </dependency>
 
         </dependencies>
     </dependencyManagement>

[atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)

Reply via email to