Skip to content

Upgrading SnakeYAML and Spring Boot to address CVE-2022-1471

David Diederich requested to merge upgrade-snakeyaml into master

This upgrades the SnakeYAML dependency to be version 2.0, addressing a critical security vulnerability (CVE-2022-1471).

It required explicitly setting the dependency rather than allowing it to be inherited from Spring Boot.

Furthermore, Spring Boot 2.7.2 wasn't compatible with the SnakeYAML upgrade, so I upgraded that to 2.7.10 to pass the tests.

Closes #3

Edited by David Diederich

Merge request reports

Loading