[ https://issues.apache.org/jira/browse/ATLAS-3940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17196760#comment-17196760 ]
ASF subversion and git services commented on ATLAS-3940: -------------------------------------------------------- Commit d330da8763242faa955bb665cb74c96c5b34e7a2 in atlas's branch refs/heads/branch-2.0 from Rahul Nandi [ https://gitbox.apache.org/repos/asf?p=atlas.git;h=d330da8 ] ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110) (cherry picked from commit d555c02ba283312e2d9b014b5d68a17da3661525) > Upgrade snakeyaml to a version without CVE-2017-18640 > ------------------------------------------------------ > > Key: ATLAS-3940 > URL: https://issues.apache.org/jira/browse/ATLAS-3940 > Project: Atlas > Issue Type: Bug > Reporter: Nixon Rodrigues > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Maven package cassandra-all has transitive dependency on > org.yaml:snakeyaml:1.11 which has > CVE-2017-18640:https://nvd.nist.gov/vuln/detail/CVE-2017-18640 -- This message was sent by Atlassian Jira (v8.3.4#803005)