[jira] [Updated] (CASSANDRA-18340) Bump snakeyaml from 1.26 to 2.0

Thu, 16 Mar 2023 12:28:10 -0700 


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-18340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated CASSANDRA-18340:
-------------------------------------
    Description: 
snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0

To see the CVEs, goto 
[https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0] 
and seach for [org.yaml|https://mvnrepository.com/artifact/org.yaml] » 
[snakeyaml|https://mvnrepository.com/artifact/org.yaml/snakeyaml] under compile 
dependencies.Vulnerabilites are listed thusly:

 

Direct vulnerabilities:
[CVE-2022-41854|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854]
[CVE-2022-38752|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752]
[CVE-2022-38751|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751]
[View 4 more ...|https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.26#]
Vulnerabilities from dependencies:
[CVE-2022-22971|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
[CVE-2022-22970|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970]
[CVE-2022-22968|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]

.............

  was:snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0


> Bump snakeyaml from 1.26 to 2.0
> -------------------------------
>
>                 Key: CASSANDRA-18340
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18340
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Bipin Prasad
>            Assignee: Bipin Prasad
>            Priority: Normal
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0
> To see the CVEs, goto 
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0] 
> and seach for [org.yaml|https://mvnrepository.com/artifact/org.yaml] » 
> [snakeyaml|https://mvnrepository.com/artifact/org.yaml/snakeyaml] under 
> compile dependencies.Vulnerabilites are listed thusly:
>  
> Direct vulnerabilities:
> [CVE-2022-41854|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854]
> [CVE-2022-38752|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752]
> [CVE-2022-38751|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751]
> [View 4 more ...|https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.26#]
> Vulnerabilities from dependencies:
> [CVE-2022-22971|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
> [CVE-2022-22970|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970]
> [CVE-2022-22968|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
> .............



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to