This is an automated email from the ASF dual-hosted git repository. nixon pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/atlas.git
commit d330da8763242faa955bb665cb74c96c5b34e7a2 Author: Rahul Nandi <[email protected]> AuthorDate: Tue Sep 15 14:04:51 2020 +0530 ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110) (cherry picked from commit d555c02ba283312e2d9b014b5d68a17da3661525) --- pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pom.xml b/pom.xml index 0a98cc7..aca1844 100644 --- a/pom.xml +++ b/pom.xml @@ -1665,6 +1665,13 @@ <artifactId>zkclient</artifactId> <version>${zkclient.version}</version> </dependency> + + <!-- Fix for cassandra-all tranitive dependency CVE-2017-18640 : https://nvd.nist.gov/vuln/detail/CVE-2017-18640 --> + <dependency> + <groupId>org.yaml</groupId> + <artifactId>snakeyaml</artifactId> + <version>1.26</version> + </dependency> </dependencies> </dependencyManagement>
