jstoiko
commented
4 years ago Please note that this parser is now deprecated and is about to be archived, please use webapi-parser moving forward.
Open kuramsai opened 4 years ago
jstoiko
commented
4 years ago Please note that this parser is now deprecated and is about to be archived, please use webapi-parser moving forward.
RAML-parser.0.8.37 uses snakeyaml(1.23) which has known vulnerabilities and it is recommended to update it to 1.26 or later.
Upgrading to RAML-Parser 1.x is not possible as the format has changed in 1.x
So request you to update snakeyaml to 1.26 in 0.8.x version.
Referenced for security issue: https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645 https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion