OpenAPITools / openapi-diff

Utility for comparing two OpenAPI specifications.
Apache License 2.0

Update swagger-parser version #497

Closed: AlexandrosMor closed this 1 year ago

AlexandrosMor commented 1 year ago

The update from SnakeYAML 1.33 to 2.0 includes important security enhancements to address a known vulnerability. In previous versions of SnakeYAML, it was possible for an attacker to exploit a YAML parsing vulnerability to execute arbitrary code on the host system.

SnakeYAML 2.0 includes several changes to mitigate this vulnerability. One of the key changes is the introduction of a new default parser, which is now based on the Jackson YAML parser. This new parser is designed to be more secure and resistant to malicious input than the previous parser.

AlexandrosMor commented 1 year ago

fixes #498

joschi commented 1 year ago

Duplicates https://github.com/OpenAPITools/openapi-diff/pull/499