You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@olwulff Please note that although we cannot (for backwards-compatibility concerns) update this for older versions, it is likely that local override of dependencies allows developers to upgrade SnakeYAML dependency too.
... despite it not being needed at all. As per @yawkat Jackson YAML module is not affected by these Vulns/CVEs at all. Yet another case of Silly Security Theater.
This library must be upgraded to snakeyaml 2.0 to fix the below CVE:
https://nvd.nist.gov/vuln/detail/CVE-2022-1471
The text was updated successfully, but these errors were encountered: