You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by GitBox <gi...@apache.org> on 2020/09/07 16:00:39 UTC

[GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640

crazylab opened a new pull request #110:
URL: https://github.com/apache/atlas/pull/110


   Maven package `cassandra-all` has transitive dependency on `org.yaml:snakeyaml:1.11` which has CVE-2017-18640:https://nvd.nist.gov/vuln/detail/CVE-2017-18640
   Raised a PR to Cassandra to upgrade the version of `snakeyaml` to `1.26` where the CVE got fixed : https://github.com/apache/cassandra/pull/736
   Upgrade to the latest version once `cassandra-all` new release become available


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640

Posted by GitBox <gi...@apache.org>.

nixonrodrigues commented on pull request #110:
URL: https://github.com/apache/atlas/pull/110#issuecomment-691860982


   CI passed.
   https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/15/console
   
   +1 for PR, @crazylab , Thanks for PR.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640

Posted by GitBox <gi...@apache.org>.

nixonrodrigues merged pull request #110:
URL: https://github.com/apache/atlas/pull/110


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org