diff --git a/build.gradle b/build.gradle index 363ddc6..389363c 100644 --- a/build.gradle +++ b/build.gradle @@ -47,7 +47,7 @@ repositories { dependencies { // NOTE: groovy version included in Jenkins is 1.8.9 runtime 'org.codehaus.groovy:groovy-all:1.8.9' - compile 'org.yaml:snakeyaml:1.16' + compile 'org.yaml:snakeyaml:1.26' testCompile 'org.spockframework:spock-core:0.7-groovy-1.8' diff --git a/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlFileLoader.groovy b/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlFileLoader.groovy index e6211c3..d0cd3f9 100644 --- a/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlFileLoader.groovy +++ b/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlFileLoader.groovy @@ -3,6 +3,7 @@ import groovy.transform.TupleConstructor import hudson.FilePath import hudson.Util import org.yaml.snakeyaml.Yaml +import org.yaml.snakeyaml.constructor.SafeConstructor @TupleConstructor class YamlFileLoader extends YamlLoader { @@ -17,7 +18,7 @@ class YamlFileLoader extends YamlLoader { return null } - Yaml yaml = new Yaml() + Yaml yaml = new Yaml(new SafeConstructor()) InputStream input = createFilePath().read() try{ diff --git a/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlTextLoader.groovy b/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlTextLoader.groovy index 787a5dc..a292940 100644 --- a/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlTextLoader.groovy +++ b/src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlTextLoader.groovy @@ -1,6 +1,7 @@ package org.jenkinsci.plugins.yamlaxis import groovy.transform.TupleConstructor import org.yaml.snakeyaml.Yaml +import org.yaml.snakeyaml.constructor.SafeConstructor @TupleConstructor class YamlTextLoader extends YamlLoader { @@ -10,7 +11,7 @@ class YamlTextLoader extends YamlLoader { @Override Map getContent() { - Yaml yaml = new Yaml() + Yaml yaml = new Yaml(new SafeConstructor()) yaml.load(yamlText) } }