[JS-1939] Update snakeyaml from 1.18 to 1.26 due to 3rd party vulnerability issue CVE-2017-18640 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.9
Fix Version/s: 1.13.10
Component/s: None
Labels:
None

CVE-ID:
CVE-2017-18640

Description

Current Situation

Currently JobScheduler engine use snakeyaml version 1.18
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18640

Desired Behavior

Due to a vulnerability Issue of older snakeyaml releases the JobScheduler engine should use the current version 1.26 that fixes the issues.

Attachments

Activity

People

Assignee:: Joacim Zschimmer

Reporter:: Santiago Aucejo Petzoldt

Approver:: Divyani Rathore

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13 August 2021 06:49

Updated:: 18 December 2021 01:36

Resolved:: 13 December 2021 21:22