[ https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Capwell updated CASSANDRA-16150:
--------------------------------------
          Fix Version/s:     (was: 4.0-beta)
                         4.0-beta3
          Since Version: 4.0-beta1
    Source Control Link: https://github.com/apache/cassandra/commit/7648588b65a5801c1e8af026b6459cd65799eace
             Resolution: Fixed
                 Status: Resolved  (was: Ready to Commit)

I also validated the md5 of the lib matches maven central.

> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16150
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Rahul Nandi
>            Assignee: Rahul Nandi
>            Priority: Normal
>             Fix For: 4.0-beta3
>
>
> There has been a critical-level CVE (CVE-2017-18640) discovered in snakeyaml
> versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.


