linkis icon indicating copy to clipboard operation
linkis copied to clipboard

Published 20 hours ago verified publisher icon apache

[Bug] upgrade to snakeyaml 2.0 due to cve

Open pjfanning opened this issue 1 year ago • 2 comments

Search before asking

  • [X] I searched the issues and found no similar issues.

Linkis Component

linkis-commons

Steps to reproduce

https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in

Expected behavior

secure lib used

Your environment

  • Linkis version used: 1.1.2
  • Environment name and version:
    • cdh-5.14.2
    • hdp-3.1.5
    • hive-2.1.1
    • spark-3.2.1
    • scala-2.12.2
    • jdk 1.8.0_121
    • ....

Anything else

No response

Are you willing to submit a PR?

  • [X] Yes I am willing to submit a PR!

pjfanning avatar Feb 26 '23 14:02 pjfanning