[STREAMPIPES-519] update snakeyaml due to CVEs #109

Merged
merged 1 commit into from Sep 19, 2022

pjfanning
Contributor

GHSA-c4r9-r8fh-9vj2

Purpose

Approach

Samples

Remarks

Fixes:

@pjfanning pjfanning changed the title update snakeyaml due to CVEs [STREAMPIPES-519] update snakeyaml due to CVEs Sep 18, 2022
@tenthe tenthe merged commit 72c10f1 into apache:dev Sep 19, 2022
@tenthe
Contributor

tenthe commented Sep 19, 2022

Thanks a lot for providing the PR

@pjfanning pjfanning deleted the patch-1 branch September 19, 2022 08:48
@pjfanning
Contributor Author

@tenthe snakeyaml 1.32 brings in a default limit of 3Mb when parsing yaml files.

Need to allow users to specify another value if they need to.

https://bitbucket.org/snakeyaml/snakeyaml/src/72dfa9f1074abe2b8a6c8776bee4476b0aed02e3/src/main/java/org/yaml/snakeyaml/LoaderOptions.java

I only became aware of this issue in the last few hours.
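One way an application could expose the parser limit described in the comment above as an operator setting. This is an added example, not code from this PR or from StreamPipes; it assumes snakeyaml 1.32 or later on the classpath, and the class name and the property name `example.yaml.codePointLimit` are hypothetical.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlLimitExample {
    // Hypothetical property name, used only in this example.
    static final String LIMIT_PROPERTY = "example.yaml.codePointLimit";
    // Default mentioned in the comment above (3 MB, counted in code points).
    static final int DEFAULT_LIMIT = 3 * 1024 * 1024;

    // Build a parser whose input limit the operator can raise.
    // Non-positive values are rejected as a configuration error.
    static Yaml newYaml() {
        int limit = Integer.getInteger(LIMIT_PROPERTY, DEFAULT_LIMIT);
        if (limit <= 0) {
            throw new IllegalArgumentException(LIMIT_PROPERTY + " must be positive");
        }
        LoaderOptions options = new LoaderOptions();
        options.setCodePointLimit(limit);
        return new Yaml(options);
    }

    // Returns true if the document parses under the configured limit.
    static boolean parses(String document) {
        try {
            newYaml().load(document);
            return true;
        } catch (YAMLException e) {
            // Thrown for oversized input as well as for malformed YAML.
            System.err.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed input: one scalar slightly larger than 4 MB
        // (String.repeat needs Java 11 or later).
        String big = "data: " + "a".repeat(4 * 1024 * 1024 + 1);

        System.out.println("default limit: " + parses(big));

        // Operator raises the limit, e.g. -Dexample.yaml.codePointLimit=8388608
        System.setProperty(LIMIT_PROPERTY, String.valueOf(8 * 1024 * 1024));
        System.out.println("8 MB limit:    " + parses(big));
    }
}
```

Keeping a finite limit in place, instead of setting it to the maximum integer, preserves the bound on parser input that the upgrade introduced.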
