[ https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17206376#comment-17206376 ]

David Capwell commented on CASSANDRA-16150:
-------------------------------------------

I am going to run the branch through CI just to make sure nothing breaks like the upgrade to 1.23 did.

[~ifesdjeen] you switched the branch to 1.23 for harry reasons, can you also take a look at this to make sure this works well with harry?

> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16150
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Rahul Nandi
>            Assignee: Rahul Nandi
>            Priority: Normal
>             Fix For: 4.x
>
>
> A critical-level CVE (CVE-2017-18640) has been discovered in snakeyaml
> versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)