[
https://issues.apache.org/jira/browse/TINKERPOP-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704672#comment-17704672
]
Aaron Coady commented on TINKERPOP-2902:
----------------------------------------
These three tests in gremlin-core have exposed that we need an update to
commons-configuration2 as part of this update. Commons-configuraiton2 uses the
constructor that is removed in version 2.0.
* shouldOpenViaYamlFileConfig
* shouldOpenViaYmlFileConfig
* shouldThrowOnInvalidConfigTypeViaFileConfig
I have opened this issue to track the release of this:
https://issues.apache.org/jira/browse/CONFIGURATION-829
It seems that this has been addressed by this pull request:
https://github.com/apache/commons-configuration/pull/282
> Critical security vulnerability in snakeyaml
> --------------------------------------------
>
> Key: TINKERPOP-2902
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2902
> Project: TinkerPop
> Issue Type: Bug
> Components: console, server
> Affects Versions: 3.6.2, 3.5.5
> Reporter: Aaron Coady
> Priority: Major
>
> This critical security vulnerability was identified in versions of snakeyaml
> prior to 2.0
> [https://nvd.nist.gov/vuln/detail/CVE-2022-1471]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
