This is an automated email from the ASF dual-hosted git repository.

dcapwell pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new e37f766  Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
e37f766 is described below

commit e37f766403e6911e5d965a211758387c6ef4c587
Author: Rahul Nandi <rahu...@thoughtworks.com>
AuthorDate: Fri Oct 9 10:56:55 2020 -0700

    Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
    
    patch by Rahul Nandi; reviewed by Alex Petrov, David Capwell for CASSANDRA-16150
---
 CHANGES.txt            |   1 +
 build.xml              |   3 +--
 lib/snakeyaml-1.23.jar | Bin 301298 -> 0 bytes
 lib/snakeyaml-1.26.jar | Bin 0 -> 309001 bytes
 4 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index a990fb0..289d4e8 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -18,6 +18,7 @@
  * NPE thrown while updating speculative execution time if keyspace is removed 
during task execution (CASSANDRA-15949)
  * Show the progress of data streaming and index build (CASSANDRA-15406)
  * Add flag to disable chunk cache and disable by default (CASSANDRA-16036)
+ * Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix 
(CASSANDRA-16150)
 Merged from 3.11:
  * Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
  * Don't attempt value skipping with mixed version cluster (CASSANDRA-15833)
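Review bot: the added CHANGES.txt entry says "snakeyaml >= 1.26", but build.xml in this same commit pins the dependency to exactly version="1.26" and the bundled jar is lib/snakeyaml-1.26.jar. Suggest wording the entry as "Upgrade snakeyaml to 1.26 for CVE-2017-18640 fix (CASSANDRA-16150)" so the changelog records the version that actually ships.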
diff --git a/build.xml b/build.xml
index 6a3eb1e..e026630 100644
--- a/build.xml
+++ b/build.xml
@@ -583,8 +583,7 @@
           <dependency groupId="com.googlecode.json-simple" 
artifactId="json-simple" version="1.1"/>
           <dependency groupId="com.boundary" artifactId="high-scale-lib" 
version="1.0.6"/>
           <dependency groupId="com.github.jbellis" artifactId="jamm" 
version="${jamm.version}"/>
-
-          <dependency groupId="org.yaml" artifactId="snakeyaml" 
version="1.23"/>
+          <dependency groupId="org.yaml" artifactId="snakeyaml" 
version="1.26"/>
           <dependency groupId="junit" artifactId="junit" version="4.12" />
           <dependency groupId="org.mockito" artifactId="mockito-core" 
version="3.2.4" />
           <dependency groupId="org.quicktheories" artifactId="quicktheories" 
version="0.25" />
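Review bot: the snakeyaml version in the changed dependency line is still a hard-coded literal, while the jamm dependency just above it takes its version from a property (${jamm.version}). Since this version has to stay in step with the jar file name under lib/, consider a snakeyaml.version property so the next security bump is a one-place change. The removed blank line before the dependency is an unrelated whitespace change and is better left out of a CVE fix so the hunk shows only the version bump.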
diff --git a/lib/snakeyaml-1.23.jar b/lib/snakeyaml-1.23.jar
deleted file mode 100644
index adcef4f..0000000
Binary files a/lib/snakeyaml-1.23.jar and /dev/null differ
diff --git a/lib/snakeyaml-1.26.jar b/lib/snakeyaml-1.26.jar
new file mode 100644
index 0000000..8f301fd
Binary files /dev/null and b/lib/snakeyaml-1.26.jar differ
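Review bot: lib/snakeyaml-1.26.jar is added as an opaque binary, so nothing in this diff lets a reviewer confirm it is the artifact published as org.yaml:snakeyaml:1.26. Suggest recording the jar's SHA-256 in the commit message or on the ticket and checking it against the published artifact's checksum before merge.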

