[ 
https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204932#comment-17204932
 ] 

Ekaterina Dimitrova commented on CASSANDRA-16150:
-------------------------------------------------

[~dcapwell] I think you reverted a snakeyaml patch from another ticket recently?

Just decided to mention it as, as far as I remember, the update there led to 
ClassCastExceptions.

So further to the Cassandra specifics, it is probably worth checking on the 
snakeyaml side what breaking changes were made in the new version that might 
require additional work on our end (if it wasn't checked already).

> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16150
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Rahul Nandi
>            Assignee: Rahul Nandi
>            Priority: Normal
>             Fix For: 4.x
>
>
> A critical-level CVE (CVE-2017-18640) has been discovered in snakeyaml 
> versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
