Posted to commits@cassandra.apache.org by "David Capwell (Jira)" <ji...@apache.org> on 2020/10/02 19:10:00 UTC
[jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
[ https://issues.apache.org/jira/browse/CASSANDRA-16150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17206382#comment-17206382 ]
David Capwell edited comment on CASSANDRA-16150 at 10/2/20, 7:09 PM:
---------------------------------------------------------------------
Triggered build: https://ci-cassandra.apache.org/job/Cassandra-devbranch/56/
was (Author: dcapwell):
Triggered build: https://ci-cassandra.apache.org/job/Cassandra-devbranch/54/
> Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
> -----------------------------------------------------------
>
> Key: CASSANDRA-16150
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16150
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Rahul Nandi
> Assignee: Rahul Nandi
> Priority: Normal
> Fix For: 4.x
>
>
> There has been a critical-level CVE (CVE-2017-18640) discovered in snakeyaml versions earlier than 1.26. This has been patched in snakeyaml version 1.26.
> Reference: [https://nvd.nist.gov/vuln/detail/CVE-2017-18640]
> This card is expected to upgrade the snakeyaml version to 1.26.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)