pabloem opened a new issue, #25449: URL: https://github.com/apache/beam/issues/25449
### What happened?

Here is a document outlining why Beam is not vulnerable to CVE-2022-1471: https://s.apache.org/beam-and-cve-2022-1471

The shortest explanation is that Beam depends on SnakeYAML through `jackson-dataformat-yaml`, and `jackson-dataformat-yaml` is not vulnerable to it (see https://github.com/FasterXML/jackson-dataformats-text/issues/361).

### Issue Priority

Priority: 2 (default / most bugs should be filed as P2)

### Issue Components

- [ ] Component: Python SDK
- [ ] Component: Java SDK
- [ ] Component: Go SDK
- [ ] Component: Typescript SDK
- [X] Component: IO connector
- [ ] Component: Beam examples
- [ ] Component: Beam playground
- [ ] Component: Beam katas
- [ ] Component: Website
- [ ] Component: Spark Runner
- [ ] Component: Flink Runner
- [ ] Component: Samza Runner
- [ ] Component: Twister2 Runner
- [ ] Component: Hazelcast Jet Runner
- [ ] Component: Google Cloud Dataflow Runner
