Skip to content

Navigation Menu

Appearance settings

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

github / codeql Public

Notifications You must be signed in to change notification settings
Fork 1.7k
Star 8.5k

Code
Issues 868
Pull requests 370
Discussions
Actions
Projects
Models
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Models
Security
Insights

Java: Adapt unsafe deserialization to SnakeYaml 2.0, which is secure by default#13347

Open

jorgectf wants to merge 5 commits intogithub:maingithub/codeql:mainfrom

jorgectf:jorgectf/snakeyaml-extend-safeconstructorjorgectf/codeql:jorgectf/snakeyaml-extend-safeconstructorCopy head branch name to clipboard

Conversation Commits5 (5)Checks Files changed

Open

Java: Adapt unsafe deserialization to SnakeYaml 2.0, which is secure by default#13347
jorgectf wants to merge 5 commits intogithub:mainfrom
jorgectf:jorgectf/snakeyaml-extend-safeconstructor

Commits

Commits on Jun 1, 2023

Make `SafeSnakeYamlConstruction` also find custom extensions of `SafeConstructor`
jorgectf
committed
Apply suggestions from code review
jorgectf
authored

Commits on Jun 2, 2023

Refactor the query to take into account release 2.0, which makes SnakeYaml secure by default
atorralba
committed
Rename predicate to clarify its meaning and remove unneeded cast
atorralba
committed

Commits on Jun 6, 2023

Update java/ql/src/change-notes/2023-06-02-snakeyaml-update.md
atorralba
authored

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.