Bug #22983
[closed] Snake-yaml dependency in zio-json is subject to CVE
Status: Released
Priority: N/A
Assignee:
Category: Architecture - Code maintenance
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
zio-json-yaml comes with snakeyaml 1.33, which is subject to CVE-2022-1471 (https://www.veracode.com/blog/research/resolving-cve-2022-1471-snakeyaml-20-release-0).
We can use version 2.0 to correct the problem, which we tried to tell Maven to do, but failed.