You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by GitBox <gi...@apache.org> on 2020/09/07 16:00:39 UTC
[GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640
crazylab opened a new pull request #110:
URL: https://github.com/apache/atlas/pull/110
Maven package `cassandra-all` has transitive dependency on `org.yaml:snakeyaml:1.11` which has CVE-2017-18640:https://nvd.nist.gov/vuln/detail/CVE-2017-18640
Raised a PR to Cassandra to upgrade the version of `snakeyaml` to `1.26` where the CVE got fixed : https://github.com/apache/cassandra/pull/736
Upgrade to the latest version once `cassandra-all` new release become available
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640
Posted by GitBox <gi...@apache.org>.
nixonrodrigues commented on pull request #110:
URL: https://github.com/apache/atlas/pull/110#issuecomment-691860982
CI passed.
https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/15/console
+1 for PR, @crazylab , Thanks for PR.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640
Posted by GitBox <gi...@apache.org>.
nixonrodrigues merged pull request #110:
URL: https://github.com/apache/atlas/pull/110
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org