Closed apozzo closed 3 years ago
According to oss index snakeyaml version 1.24 is vulnerable see https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.24
this dependency should be updated to at least to version 1.26 see https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.26
all available versions from maven central repository search https://search.maven.org/artifact/org.yaml/snakeyaml
thanks a lot for all your eclipse editor plugins, it helps me a lot.
Thanx for reporting, will upgrade to snakeyaml 1.29 - see https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.29
I just released 1.7.1 on eclipse marketplace with this fix.
According to oss index snakeyaml version 1.24 is vulnerable see https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.24
this dependency should be updated to at least to version 1.26 see https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.26
all available versions from maven central repository search https://search.maven.org/artifact/org.yaml/snakeyaml
thanks a lot for all your eclipse editor plugins, it helps me a lot.