Posted to github@beam.apache.org by "pabloem (via GitHub)" <gi...@apache.org> on 2023/02/13 17:10:20 UTC

[GitHub] [beam] pabloem opened a new issue, #25449: [Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471

pabloem opened a new issue, #25449:
URL: https://github.com/apache/beam/issues/25449

   ### What happened?
   
   Here is a document outlining why Beam is not vulnerable to CVE-2022-1471:
   
   https://s.apache.org/beam-and-cve-2022-1471
   
   The shortest explanation is that Beam depends on SnakeYAML through `jackson-dataformat-yaml`, and `jackson-dataformat-yaml` is not vulnerable to it (see https://github.com/FasterXML/jackson-dataformats-text/issues/361).
   
   ### Issue Priority
   
   Priority: 2 (default / most bugs should be filed as P2)
   
   ### Issue Components
   
   - [ ] Component: Python SDK
   - [ ] Component: Java SDK
   - [ ] Component: Go SDK
   - [ ] Component: Typescript SDK
   - [X] Component: IO connector
   - [ ] Component: Beam examples
   - [ ] Component: Beam playground
   - [ ] Component: Beam katas
   - [ ] Component: Website
   - [ ] Component: Spark Runner
   - [ ] Component: Flink Runner
   - [ ] Component: Samza Runner
   - [ ] Component: Twister2 Runner
   - [ ] Component: Hazelcast Jet Runner
   - [ ] Component: Google Cloud Dataflow Runner


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [beam] pabloem closed issue #25449: [Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471

Posted by "pabloem (via GitHub)" <gi...@apache.org>.
pabloem closed issue #25449: [Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471
URL: https://github.com/apache/beam/issues/25449

