[ https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204967#comment-17204967 ]
David Capwell commented on CASSANDRA-16150:
-------------------------------------------

bq. I think you reverted a snakeyaml upgrade patch from another ticket recently?

What? [~ifesdjeen] just upgraded to 1.23 for a harry patch and he fixed a bug caused after the merge; trunk is currently 1.23.

bq. Just decided to mention it as, as far as I remember, the update there led to ClassCastExceptions.

Fixed in commit

{code}
commit fb49ab2b12bf813697971b41fe47ac11f4a240c0
Author: Alex Petrov <oleksandr.pet...@gmail.com>
Date:   Sun Sep 20 13:24:22 2020 +0300

    Fix test failure caused by CASSANDRA-16102

    Patch by Alex Petrov; reviewed by David Capwell for CASSANDRA-16102
{code}

bq. So further to the Cassandra specifics, probably worth to check on snakeyaml side what breaking changes were done in the new version that might require additional work on our end (if it wasn't checked already)

Yep, a good place to start is unit + dtest. I can run the dtests, was hoping [~crazylab] would take the unit tests.

> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16150
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Rahul Nandi
>            Assignee: Rahul Nandi
>            Priority: Normal
>             Fix For: 4.x
>
>
> There have been critical level CVE (CVE-2017-18640) discovered in snakeyaml
> version earlier to 1.26. This has been patched into snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.