Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This commit raises the SnakeYAML baseline version to 2.0. While most Spring applications are not affected by CVE-2022-1471, upgrading this version should prevent automated tools from raising this as a security issue. Such tools usually do not understand that YAML parsing in Spring is about reading configuration, not parsing untrusted content. Closes gh-30048
- Loading branch information
Showing
3 changed files
with
14 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters