Closed (jbedorf closed this issue 5 years ago)
We're only using the safe_load() method, so we're not vulnerable. Not sure if we should upgrade to a beta package to fix an issue we're not vulnerable to.
Sure. Let's hold this open as a reminder until they bring out the official release.
@jbedorf I bumped the pyyaml version to the latest release. This fixes the CVE referenced in this issue.
See: CVE-2017-18342 and https://github.com/yaml/pyyaml/issues/243