[
https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205080#comment-17205080
]
Ekaterina Dimitrova edited comment on CASSANDRA-16150 at 9/30/20, 10:38 PM:
----------------------------------------------------------------------------
Ok, bad example. I meant to say that sometimes vendors (we do it in Cassandra)
make changes which will require some additional work during upgrade, and if we
read the notes in advance, that may save some time and effort, sometimes even
a headache. :) Tried to help, not to point out someone for something... Hope I was
understood correctly.
Moving away, there is a committer already doing the review :)
was (Author: e.dimitrova):
Ok, bad example. I meant to say that sometimes vendors (we do it in Cassandra)
make changes which will require some additional work, and if we read the notes
in advance, that may save some time and effort, sometimes even a headache. :)
Tried to help, not to point out someone for something... Hope I was understood
correctly.
Moving away, there is a committer already doing the review :)
> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
> Key: CASSANDRA-16150
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Rahul Nandi
> Assignee: Rahul Nandi
> Priority: Normal
> Fix For: 4.x
>
>
> There has been a critical-level CVE (CVE-2017-18640) discovered in snakeyaml
> versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.