ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)

d555c02b · Rahul Nandi · GitHub · 01e9ccef · d555c02b
Unverified Commit d555c02b authored Sep 15, 2020 by Rahul Nandi Committed by GitHub Sep 15, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

pom.xml pom.xml +7 -0

No files found.
--- a/pom.xml
+++ b/pom.xml
@@ -1665,6 +1665,13 @@
                <artifactId>zkclient</artifactId>
                <version>${zkclient.version}</version>
            </dependency>
+          <!-- Fix for cassandra-all tranitive dependency CVE-2017-18640 : https://nvd.nist.gov/vuln/detail/CVE-2017-18640 -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>1.26</version>
+            </dependency>
        </dependencies>
    </dependencyManagement>