Dinuth De Zoysa created CASSANDRA-18672:
-------------------------------------------
Summary: Bump snakeyaml from 1.26 to 2.0
Key: CASSANDRA-18672
URL: https://issues.apache.org/jira/browse/CASSANDRA-18672
Project: Cassandra
Issue Type: New Feature
Reporter: Dinuth De Zoysa
snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0
To see the CVEs, goto
[https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0]
and seach for [org.yaml|https://mvnrepository.com/artifact/org.yaml] »
[snakeyaml|https://mvnrepository.com/artifact/org.yaml/snakeyaml] under compile
dependencies.Vulnerabilites are listed thusly:
Direct vulnerabilities:
[CVE-2022-41854|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854]
[CVE-2022-38752|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752]
[CVE-2022-38751|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751]
[View 4 more ...|https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.26#]
Vulnerabilities from dependencies:
[CVE-2022-22971|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
[CVE-2022-22970|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970]
[CVE-2022-22968|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
GitHub Issue:
https://github.com/apache/cassandra/pull/2455
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
