Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] upgrade to snakeyaml 2.0 due to cve #4273

Open
2 tasks done
pjfanning opened this issue Feb 26, 2023 · 3 comments
Open
2 tasks done

[Bug] upgrade to snakeyaml 2.0 due to cve #4273

pjfanning opened this issue Feb 26, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@pjfanning
Copy link
Contributor

Search before asking

  • I searched the issues and found no similar issues.

Linkis Component

linkis-commons

Steps to reproduce

https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in

Expected behavior

secure lib used

Your environment

  • Linkis version used: 1.1.2
  • Environment name and version:
    • cdh-5.14.2
    • hdp-3.1.5
    • hive-2.1.1
    • spark-3.2.1
    • scala-2.12.2
    • jdk 1.8.0_121
    • ....

Anything else

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!
@pjfanning pjfanning added the bug Something isn't working label Feb 26, 2023
@github-actions
Copy link

😊 Welcome to the Apache Linkis community!!

We are glad that you are contributing by opening this issue.

Please make sure to include all the relevant context.
We will be here shortly.

If you are interested in contributing to our website project, please let us know!
You can check out our contributing guide on
👉 How to Participate in Project Contribution.

Community

WeChat Assistant WeChat Public Account

Mailing Lists

Name Description Subscribe Unsubscribe Archive
[email protected] community activity information subscribe unsubscribe archive

@pjfanning
Copy link
Contributor Author

Looks like this is blocked because of Spring - see #4274

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants
@pjfanning and others