Closed cfollenf closed 1 year ago
Current version of SnakeYAML (1.26) holds a critical vulnerability CVE-2022-1471 which was updated yesterday March 21st, could you please bump it up to version 2.00 ?
Will do, but note that registry-core does not use yaml at all, let alone expose an endpoint for it to untrusted content.
Patched release done (thanks @simonoakesepimorphics)
Thanks again.
Current version of SnakeYAML (1.26) holds a critical vulnerability CVE-2022-1471 which was updated yesterday March 21st, could you please bump it up to version 2.00 ?