You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@shardingsphere.apache.org by "zts212653 (via GitHub)" <gi...@apache.org> on 2023/04/28 06:58:18 UTC

[GitHub] [shardingsphere-elasticjob] zts212653 opened a new issue, #2215: When could you update snakeyaml version?

zts212653 opened a new issue, #2215:
URL: https://github.com/apache/shardingsphere-elasticjob/issues/2215

   snakeyaml 1.x has bug CVE-2022-1471
   when update to snakeyaml 2.0 they delete empty constructor
   ![image](https://user-images.githubusercontent.com/26771442/235076835-4955f526-6662-4f9d-97c9-30cc1f54e56a.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere-elasticjob] zhfeng commented on issue #2215: When could you update snakeyaml version?

Posted by "zhfeng (via GitHub)" <gi...@apache.org>.

zhfeng commented on issue #2215:
URL: https://github.com/apache/shardingsphere-elasticjob/issues/2215#issuecomment-1539165897

   It seems that springboot 2.7.10 should work with snakeyaml 2.0, see https://github.com/spring-projects/spring-framework/pull/30048#issuecomment-1532456180
   
   So I think we can try to upgrade to 2.0 in shardingsphere-elasticjob. Let me prepare a PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere-elasticjob] TeslaCN closed issue #2215: When could you update snakeyaml version?

Posted by "TeslaCN (via GitHub)" <gi...@apache.org>.

TeslaCN closed issue #2215: When could you update snakeyaml version?
URL: https://github.com/apache/shardingsphere-elasticjob/issues/2215


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere-elasticjob] linghengqian commented on issue #2215: When could you update snakeyaml version?

Posted by "linghengqian (via GitHub)" <gi...@apache.org>.

linghengqian commented on issue #2215:
URL: https://github.com/apache/shardingsphere-elasticjob/issues/2215#issuecomment-1538384409

   - There is already https://github.com/apache/shardingsphere/pull/24636#issuecomment-1475326476 as a test. 
   - @zhfeng I wonder if it's possible to do this without changing the SnakeYAML version? Because Spring Team has not merged the PR I mentioned in https://github.com/apache/shardingsphere/pull/24636#pullrequestreview-1364252749.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org