HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.

Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2020-10-28 09:26:52 -07:00 · 2020-10-28 09:26:52 -07:00 · eb84793af1
commit eb84793af1
parent b3ba74d72d
1 changed files with 1 additions and 1 deletions
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@ -199,7 +199,7 @@
    <declared.hadoop.version>${hadoop.version}</declared.hadoop.version>

    <swagger-annotations-version>1.5.4</swagger-annotations-version>
-    <snakeyaml.version>1.16</snakeyaml.version>
+    <snakeyaml.version>1.26</snakeyaml.version>
    <hbase.one.version>1.4.8</hbase.one.version>
    <hbase.two.version>2.0.2</hbase.two.version>
    <junit.version>4.12</junit.version>