This repository has been archived by the owner on Feb 12, 2022. It is now read-only.

Vulnerable version snakeyaml #692

Open
kuramsai opened this issue Apr 17, 2020 · 1 comment

Comments

@kuramsai

RAML-parser 0.8.37 uses snakeyaml (1.23), which has known vulnerabilities, and it is recommended to update it to 1.26 or later.

Upgrading to RAML-Parser 1.x is not possible, as the format has changed in 1.x.

So I request that you update snakeyaml to 1.26 in the 0.8.x version.

References for the security issue:
https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion

@jstoiko
Contributor

jstoiko commented Jun 30, 2020

Please note that this parser is now deprecated and is about to be archived; please use webapi-parser moving forward.
