[
https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205080#comment-17205080
]
Ekaterina Dimitrova commented on CASSANDRA-16150:
-------------------------------------------------
Ok, bad example. I meant to say that sometimes vendors (we do it in cassandra)
make changes which will require some additional work and if we read the notes
in advance that my save some time and efforts, sometimes even headache. :)
Tried to help not to point out someone for something... Hope I was understood
correctly.
Moving away, there is a committer already doing the review :)
> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
> Key: CASSANDRA-16150
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Rahul Nandi
> Assignee: Rahul Nandi
> Priority: Normal
> Fix For: 4.x
>
>
> There have been critical level CVE (CVE-2017-18640) discovered in snakeyaml
> version earlier to 1.26. This has been patched into snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
