snakeyaml历史版本漏洞，升级2.x后存在兼容性问题

[yonglong-zhang]

我在引入了apollo-client 2.1.0后发现snakeyaml的版本还是使用的1.29，故升级snakeyaml版本为2.x，但是升级到2.x后，存在兼容性问题

代码文件：YamlParser.java

[yonglong-zhang]

Init Apollo Local Config failed - namespace: application.yml, reason: Parse yaml file content failed for namespace: application.yml [Cause: org.yaml.snakeyaml.constructor.SafeConstructor: method ()V not found].

[nobodyiam]

看起来是 snakeyaml 大版本升级后删除了 SafeConstructor 的默认构造函数，建议升级到 1.x 的最新版本吧

[richieyan]

看起来是 snakeyaml 大版本升级后删除了 SafeConstructor 的默认构造函数，建议升级到 1.x 的最新版本吧

目前 snakeyaml 1.x 已经没有合适的最新版本可以使用，必须使用 2.x 的版本

https://mvnrepository.com/artifact/org.yaml/snakeyaml

[joeaniu]

apollo 2.2.0还要多久可以release？ snakeyaml1.x已经被客户禁用了。

[nobodyiam]

Apollo java version 2.2.0 is now available for download. You can access this latest release at Maven Central.

[walkertest]

Apollo java version 2.2.0 is now available for download. You can access this latest release at Maven Central.

请问这块是怎么建议的. 如果升级了apllo的依赖，因为spring也依赖snakeyaml，是不是也得强制升级spring等相关依赖.

怎么兼容呢，换一个新的yaml解析库吗

[nobodyiam]

Which version of Spring are you currently utilizing? I assume it would be compatible with the majority of Spring versions.

[GhostBoyBoy]

Which version of Spring are you currently utilizing? I assume it would be compatible with the majority of Spring versions.

Hi, I also encountered it. My version is also Apollo 2.1, spring boot is 3.2.0, spring cloud 2023.0.0

[GhostBoyBoy]

Which version of Spring are you currently utilizing? I assume it would be compatible with the majority of Spring versions.

Hi, I also encountered it. My version is also Apollo 2.1, spring boot is 3.2.0, spring cloud 2023.0.0

I have many spring cloud gateway configurations

[GhostBoyBoy]

2023-12-14 21:31:48.401 [] [main] WARN c.ctrip.framework.apollo.internals.DefaultConfig - Init Apollo Local Config failed - namespace: application.yml, reason: Parse yaml file content failed for namespace: application.yml [Cause: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void ()' not found].

[GhostBoyBoy]

spring:
  application:
    name: gateway
  cloud:
    loadbalancer:
      clients:
        app1:
          hint:
            enable: true
            gray: 100
        app2:
          hint:
            enable: false
            gray: 100
    gateway:
      httpclient:
        response-timeout: 300s
      routes:
        - id: app1-serv
          uri: lb://app1 
          predicates:
            - Path=/app1/**
          filters:
            - RewritePath=/app1(?<segment>/?.*), $\{segment}
            - AddNginxRequestHeader=X-Real-IP,$
        - id: app2
          uri: lb://app2
          predicates:
            - Path=/app2/**
          filters:
            - RewritePath=/app2(?<segment>/?.*), $\{segment}

eureka:
  instance:
    leaseRenewalIntervalInSeconds: 3  
    leaseExpirationDurationInSeconds: 3  
  client:
    registryFetchIntervalSeconds: 3
    instanceInfoReplicationIntervalSeconds: 3
    service-url:
      defaultZone: http://localhost:8761/eureka
server:
  port: 8080 

logging:
  config: classpath:logback.xml
  level:
    com.mishu: info

[nobodyiam]

Which version of Spring are you currently utilizing? I assume it would be compatible with the majority of Spring versions.

Hi, I also encountered it. My version is also Apollo 2.1, spring boot is 3.2.0, spring cloud 2023.0.0

You could now use apollo 2.2.0

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically closed because it has not had activity in the last 7 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.