Skip to content

DRILL-8300: Upgrade to snakeyaml 1.31 due to cve #2643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jnturton merged 1 commit into from
Sep 8, 2022
Merged

DRILL-8300: Upgrade to snakeyaml 1.31 due to cve #2643

jnturton merged 1 commit into from
Sep 8, 2022

Conversation

@pjfanning
Copy link
Member

@pjfanning pjfanning commented Sep 7, 2022

Description

Snakeyaml has a CVE

@pjfanning pjfanning self-assigned this Sep 7, 2022
cgivre
cgivre approved these changes Sep 8, 2022
View reviewed changes
Copy link
Contributor

@cgivre cgivre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM +1

@jnturton jnturton changed the title DRILL-8300: snakeyaml 1.31 due to cve DRILL-8300: Upgrade to snakeyaml 1.31 due to cve Sep 8, 2022
@jnturton jnturton merged commit d754076 into apache:master Sep 8, 2022
@jnturton jnturton added the backport-to-stable This bug fix is applicable to the latest stable release and should be considered for inclusion there label Sep 8, 2022
@pjfanning pjfanning deleted the DRILL-8300-snakeyaml branch September 8, 2022 09:57
kingswanwho pushed a commit to kingswanwho/drill that referenced this pull request Nov 8, 2022
@pjfanning @kingswanwho
DRILL-8300: Upgrade to snakeyaml 1.31 due to cve (apache#2643)
ea900c5
@kingswanwho kingswanwho mentioned this pull request Dec 18, 2022
Merged
jnturton pushed a commit that referenced this pull request Dec 19, 2022
@pjfanning @jnturton
DRILL-8300: Upgrade to snakeyaml 1.31 due to cve (#2643)
67f7b74
ashevchuk123 pushed a commit to mapr/incubator-drill that referenced this pull request Oct 28, 2025
@pjfanning @rymarm
DRILL-8300: Upgrade to snakeyaml 1.31 due to cve (apache#2643)
7c10de2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgivre cgivre cgivre approved these changes

Assignees

@pjfanning pjfanning

Labels

backport-to-stable This bug fix is applicable to the latest stable release and should be considered for inclusion there dependencies security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pjfanning @cgivre @jnturton