Closed radon-86 closed 3 months ago
11
Yes
According to my security tool which I am using Sponge API version 11 is using the package SnakeYAML version 1.28, which is vulnerable to various attacks, according to Snyk: https://security.snyk.io/package/maven/org.yaml:snakeyaml/1.28.
security tools are not a substitute for a brain.
Major SpongeAPI version
11
Is this likely to be a breaking change?
Yes
What are you requesting?
According to my security tool which I am using Sponge API version 11 is using the package SnakeYAML version 1.28, which is vulnerable to various attacks, according to Snyk: https://security.snyk.io/package/maven/org.yaml:snakeyaml/1.28.