This is an automated email from the ASF dual-hosted git repository. dcapwell pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push: new e37f766 Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix e37f766 is described below commit e37f766403e6911e5d965a211758387c6ef4c587 Author: Rahul Nandi <rahu...@thoughtworks.com> AuthorDate: Fri Oct 9 10:56:55 2020 -0700 Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix patch by Rahul Nandi; reviewed by Alex Petrov, David Capwell for CASSANDRA-16150 --- CHANGES.txt | 1 + build.xml | 3 +-- lib/snakeyaml-1.23.jar | Bin 301298 -> 0 bytes lib/snakeyaml-1.26.jar | Bin 0 -> 309001 bytes 4 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index a990fb0..289d4e8 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -18,6 +18,7 @@ * NPE thrown while updating speculative execution time if keyspace is removed during task execution (CASSANDRA-15949) * Show the progress of data streaming and index build (CASSANDRA-15406) * Add flag to disable chunk cache and disable by default (CASSANDRA-16036) + * Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix (CASSANDRA-16150) Merged from 3.11: * Fix memory leak in CompressedChunkReader (CASSANDRA-15880) * Don't attempt value skipping with mixed version cluster (CASSANDRA-15833) diff --git a/build.xml b/build.xml index 6a3eb1e..e026630 100644 --- a/build.xml +++ b/build.xml 
@@ -583,8 +583,7 @@ <dependency groupId="com.googlecode.json-simple" artifactId="json-simple" version="1.1"/> <dependency groupId="com.boundary" artifactId="high-scale-lib" version="1.0.6"/> <dependency groupId="com.github.jbellis" artifactId="jamm" version="${jamm.version}"/> - - <dependency groupId="org.yaml" artifactId="snakeyaml" version="1.23"/> + <dependency groupId="org.yaml" artifactId="snakeyaml" version="1.26"/> <dependency groupId="junit" artifactId="junit" version="4.12" /> <dependency groupId="org.mockito" artifactId="mockito-core" version="3.2.4" /> <dependency groupId="org.quicktheories" artifactId="quicktheories" version="0.25" /> diff --git a/lib/snakeyaml-1.23.jar b/lib/snakeyaml-1.23.jar deleted file mode 100644 index adcef4f..0000000 Binary files a/lib/snakeyaml-1.23.jar and /dev/null differ diff --git a/lib/snakeyaml-1.26.jar b/lib/snakeyaml-1.26.jar new file mode 100644 index 0000000..8f301fd Binary files /dev/null and b/lib/snakeyaml-1.26.jar differ
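Review bot: The new CHANGES.txt entry reads "snakeyaml >= 1.26", but the build.xml hunk pins the dependency to exactly version="1.26" and lib/ ships snakeyaml-1.26.jar, so the release notes describe a range that the build does not express. Suggest wording the entry as "Upgrade snakeyaml to 1.26 for CVE-2017-18640 fix (CASSANDRA-16150)" so anyone auditing the release for this CVE can read the shipped version directly from CHANGES.txt.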
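Review bot: In the build.xml hunk the snakeyaml version stays a hard-coded literal (version="1.26") while the jamm dependency directly above it uses a property (${jamm.version}). Consider introducing a snakeyaml.version property in the same style, so the next security bump is a one-line change that can be checked against the jar name in lib/. The hunk also deletes the blank line that preceded the snakeyaml entry (the lone "-" line), which is an unrelated whitespace change. Finally, the diffstat lists only CHANGES.txt, build.xml and the two jars, so no test accompanies the upgrade; a test that loads a YAML document using aliases would show how the new version behaves for the configuration files the project parses.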
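Review bot: The lib/snakeyaml-1.26.jar hunk adds a 309001-byte binary that the diff cannot show, and the only identifier for it on this page is the abbreviated blob id 8f301fd, so a reviewer has no way to confirm from the patch that the file is the unmodified upstream release. Suggest recording the jar's SHA-256 in the commit message or on CASSANDRA-16150 and checking it against the artifact published for org.yaml:snakeyaml 1.26, so the checked-in binary can be verified independently of the build.xml declaration.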