[FOLIO-3734] mod-consortia: snakeyaml 2.0 fixing CVE-2022-1471, Spring Boot 3.0.4

Created: 03/Mar/23
Updated: 06/Mar/23
Resolved: 06/Mar/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Thunderjet
RCA Group: Related dependency upgrade

Description

In https://github.com/folio-org/mod-consortia

upgrade snakeyaml from 1.33 to 2.0 fixing Arbitrary Code Execution: https://nvd.nist.gov/vuln/detail/CVE-2022-1471

Spring Boot >= 3.0.3 is compatible with snakeyaml 2.x: https://github.com/spring-projects/spring-boot/issues/34405

