You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/02/05 14:06:58 UTC

[GitHub] [rocketmq] pjfanning opened a new issue #3814: upgrade snakeyaml due to CVE

pjfanning opened a new issue #3814:
URL: https://github.com/apache/rocketmq/issues/3814


   **BUG REPORT**
   
   snakeyaml 1.19 has a serious issue - https://mvnrepository.com/artifact/org.yaml/snakeyaml - an entity expansion vulnerability


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] Kvicii commented on issue #3814: upgrade snakeyaml due to CVE

Posted by GitBox <gi...@apache.org>.

Kvicii commented on issue #3814:
URL: https://github.com/apache/rocketmq/issues/3814#issuecomment-1030631727


   @pjfanning thanks for your report,
   @dongeforever we need upgrade it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] pjfanning commented on issue #3814: upgrade snakeyaml due to CVE

Posted by GitBox <gi...@apache.org>.

pjfanning commented on issue #3814:
URL: https://github.com/apache/rocketmq/issues/3814#issuecomment-1030632015


   I submitted https://github.com/apache/rocketmq/pull/3815


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] duhenglucky closed issue #3814: upgrade snakeyaml due to CVE

Posted by GitBox <gi...@apache.org>.

duhenglucky closed issue #3814:
URL: https://github.com/apache/rocketmq/issues/3814


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org