fabriziofortino opened a new pull request, #1110:
URL: https://github.com/apache/jackrabbit-oak/pull/1110

   https://nvd.nist.gov/vuln/detail/CVE-2022-1471

   snakeyaml 1.33 is vulnerable to remote code execution. A better solution would be to get rid of the es high-level client completely. This would require more time because of the changes needed to replace the bulk processor.

   We can safely exclude this dependency since it's not used in our codebase.

   As part of this PR, the es high-level client has been updated to the latest available version.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
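
One way to confirm that an exclusion like the one described in this pull request took effect is to scan `mvn dependency:tree` output for snakeyaml and see which direct dependency pulls it in. This is an added example, not code from the pull request or from Oak. Both sample trees are constructed: the `example:*` coordinates and `0.0.0` versions are placeholders, and placing snakeyaml beneath the es high-level client is an assumption taken from the description above.

```python
import re

# One node of `mvn dependency:tree` text output: optional "[INFO] " prefix,
# three characters of indentation per level, then the Maven coordinates.
NODE = re.compile(r"^(?:\[INFO\] )?((?:[| ]  |[+\\]- )*)(\S+:\S+)")


def find_artifact(tree_text, group="org.yaml", artifact="snakeyaml"):
    """Return (version, path) for every place the artifact appears in the tree.

    path lists the "group:artifact" ancestors, root first, so it shows which
    direct dependency needs the exclusion.
    """
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # Maven banner, blank line, build summary
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        # root: g:a:type:version; other nodes: g:a:type[:classifier]:version:scope
        version = parts[-1] if depth == 0 else parts[-2]
        del stack[depth:]  # drop siblings and deeper nodes of earlier branches
        if parts[0] == group and parts[1] == artifact:
            hits.append((version, list(stack)))
        stack.append(f"{parts[0]}:{parts[1]}")
    return hits


# Constructed sample: tree before the exclusion (placeholder coordinates).
BEFORE = r"""[INFO] example:app:jar:0.0.0
[INFO] +- org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:0.0.0:compile
[INFO] |  \- example:intermediate-lib:jar:0.0.0:compile
[INFO] |     +- org.yaml:snakeyaml:jar:1.33:compile
[INFO] |     \- example:other-lib:jar:0.0.0:compile
[INFO] \- example:logging-api:jar:0.0.0:compile"""

# Constructed sample: the same tree once the exclusion is in place.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "snakeyaml" not in l)

if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        hits = find_artifact(tree)
        print(label, "->", "snakeyaml absent" if not hits else hits)
```

Run against the real tree of every module that depends on the client, since an exclusion on one dependency does not stop another dependency from bringing the same artifact back.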
