[jira] [Commented] (CASSANDRA-18672) Bump snakeyaml from 1.26 to 2.0

Mon, 17 Jul 2023 09:00:29 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17743857#comment-17743857
 ] 

Brandon Williams commented on CASSANDRA-18672:
----------------------------------------------

Please read through CASSANDRA-18340 to understand why those are not a problem.

> Bump snakeyaml from 1.26 to 2.0
> -------------------------------
>
>                 Key: CASSANDRA-18672
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18672
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Dinuth De Zoysa
>            Priority: Normal
>
> snakeyaml 1.26 has CVEs. Bump version for snakeyaml from 1.26 to 2.0
> To see the CVEs, goto 
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.1.0] 
> and seach for [org.yaml|https://mvnrepository.com/artifact/org.yaml] » 
> [snakeyaml|https://mvnrepository.com/artifact/org.yaml/snakeyaml] under 
> compile dependencies.Vulnerabilites are listed thusly:
> Direct vulnerabilities:
> [CVE-2022-41854|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854]
> [CVE-2022-38752|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752]
> [CVE-2022-38751|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751]
> [View 4 more ...|https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.26#]
> Vulnerabilities from dependencies:
> [CVE-2022-22971|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
> [CVE-2022-22970|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970]
> [CVE-2022-22968|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
> GitHub Issue:
> https://github.com/apache/cassandra/pull/2455



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to