[ 
https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204839#comment-17204839
 ] 

Ekaterina Dimitrova commented on CASSANDRA-16150:
-------------------------------------------------

Hi [~crazylab], please, let us know if you need any help with this update (I 
guess you will be working on it as you assigned it?)

Some reference about updating dependencies in Cassandra (sorry if you are 
already aware of this doc, just wanted to save you some time if you haven't :)):

https://cassandra.apache.org/doc/latest/development/dependencies.html

> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16150
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Rahul Nandi
>            Assignee: Rahul Nandi
>            Priority: Normal
>             Fix For: 4.x
>
>
> There has been a critical-level CVE (CVE-2017-18640) discovered in snakeyaml 
> versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
