spring-cloud / spring-cloud-deployer

The Spring Cloud Deployer project defines an SPI for deploying long lived applications and short lived tasks

Snakeyaml 1.33 vulnerability #406

Closed khaeghar closed 1 year ago

khaeghar commented 1 year ago

Hi,

I was wondering if there's any plan on upgrading the snakeyaml version from 1.33 to 2.x, since 1.33 contains a vulnerability.

Kind regards!

onobc commented 1 year ago

Hi @khaeghar

We have no current plans to bump to 2.x as the changes would ripple through Spring Boot. Once Boot updates, we likely will too. In the meantime, the CVE does not affect dataflow as we have mitigated the flaws. Please see https://github.com/spring-cloud/spring-cloud-dataflow/security/advisories/GHSA-578p-phm8-hcj9