Open eugene-cheverda opened 1 year ago
We can see that the branch-2.10 uses the 2.0 version of snakeyaml. Additionally, we can see that this modification is marked for release 2.10.5. What is the tentative release date for 2.10.5 (along with modifications to snakeyaml)?
The issue had no activity for 30 days, mark with Stale label.
https://lists.apache.org/thread/vqyth08gll71jv24oyrntl23lqxxdozb 2.10.5 is under voting. You're welcome to test it out and share your test result.
Closed as the issue is fixed on the branch.
No. Jackson is not upgraded to 2.15.0 now.
The issue had no activity for 30 days, mark with Stale label.
Search before asking
Motivation
Snakeyaml v1.32 used in jackson.dataformat.yaml, prometheus and direct pulsar dependencies has a security vulnerability described in https://avd.aquasec.com/nvd/cve-2022-1471
Solution
Update prometheus to 0.18.0, jackson libs to 2.15.0 and snakeyaml to 2.0
Alternatives
No response
Anything else?
No response
Are you willing to submit a PR?
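
A check for the situation the Motivation describes, as an added example that is not part of the original issue or the Pulsar code base: it walks `mvn dependency:tree` text and reports every dependency path that still resolves `org.yaml:snakeyaml` below 2.0. The sample tree, its `org.example` coordinates and every version other than 1.32 and 2.0 are constructed, and `find_old_snakeyaml` is a hypothetical helper name.

```python
import re

# Constructed sample in the text layout of `mvn dependency:tree`
# (not taken from the Pulsar build; org.example coordinates are placeholders).
SAMPLE_TREE = """\
[INFO] org.example:demo-app:jar:1.0.0
[INFO] +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.14.0:compile
[INFO] |  \\- org.yaml:snakeyaml:jar:1.32:compile
[INFO] +- org.example:prometheus-component:jar:0.17.0:compile
[INFO] |  \\- org.example:config-loader:jar:1.0.0:compile
[INFO] |     \\- org.yaml:snakeyaml:jar:1.32:runtime
[INFO] \\- org.example:already-fixed:jar:3.0.0:compile
[INFO]    \\- org.yaml:snakeyaml:jar:2.0:compile
"""

# Each nesting level is three characters ("|  " or "   "), followed by an
# optional "+- " or "\- " marker and then the Maven coordinate.
NODE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ] {2})*)(?P<marker>[+\\]- )?(?P<coord>\S+)$"
)


def find_old_snakeyaml(tree_text, fixed=(2, 0)):
    """Return the dependency paths that pull in snakeyaml older than `fixed`."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        parts = m["coord"].split(":")
        if len(parts) < 4:  # separator or banner line, not a coordinate
            continue
        depth = len(m["indent"]) // 3 + (1 if m["marker"] else 0)
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        name = f"{parts[0]}:{parts[1]}"
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(f"{name}:{version}")
        if name == "org.yaml:snakeyaml":
            nums = tuple(int(n) for n in re.findall(r"\d+", version))
            if (nums + (0, 0))[:2] < fixed:
                findings.append(" -> ".join(stack[1:]))  # omit the root module
    return findings


if __name__ == "__main__":
    for path in find_old_snakeyaml(SAMPLE_TREE):
        print("snakeyaml < 2.0 via:", path)
```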