
Commit cb4cda9

authored
Update SnakeYAML to 1.32 (#643)
This closes #642
1 parent f9222cc commit cb4cda9


2 files changed

+19
-12
lines changed


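--- a/accesscontroltool-bundle/suppression.xml
+++ b/accesscontroltool-bundle/suppression.xml
@@ -1,18 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-<suppress>
-<notes><![CDATA[
+<suppress>
+<notes><![CDATA[
 https://nvd.nist.gov/vuln/detail/CVE-2020-8022 marks it as vulnerable as it has version ranges without a lower bound for both tomcat 8 and 9.
 Reported at https://github.com/jeremylong/DependencyCheck/issues/3661.
 ]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat\-jasper\-el@.*$</packageUrl>
-<cve>CVE-2020-8022</cve>
-</suppress>
-<suppress>
-<notes><![CDATA[
-file name: tomcat-jasper-el-10.0.21.jar
+<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat\-jasper\-el@.*$</packageUrl>
+<cve>CVE-2020-8022</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: tomcat-jasper-el-10.0.21.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat\-jasper\-el@.*$</packageUrl>
+<cve>CVE-2022-34305</cve><!-- only affects examples web app (https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k) -->
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: snakeyaml-1.32.jar, 1.32 has the CVE issue fixed, reported at https://github.com/jeremylong/DependencyCheck/issues/4839
 ]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat\-jasper\-el@.*$</packageUrl>
-<cve>CVE-2022-34305</cve><!-- only affects examples web app (https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k) -->
-</suppress>
+<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+<vulnerabilityName>CVE-2022-38752</vulnerabilityName>
+</suppress>
 </suppressions>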
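Review bot: The new snakeyaml suppression (new-file lines 22-23) matches `^pkg:maven/org\.yaml/snakeyaml@.*$`, so CVE-2022-38752 stays hidden for every snakeyaml version this bundle ever resolves, not only the 1.32 that the notes describe as fixed; a later downgrade or a transitive pull of an affected version would pass the scan silently. Pinning the purl, `<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@1\.32$</packageUrl>`, or bounding the entry with an expiry, `<suppress until="YYYY-MM-DDZ">` (placeholder date), keeps the suppression tied to the version that was actually verified. This entry is also the only one in the file that names a CVE through `<vulnerabilityName>` rather than `<cve>`; if that is deliberate because the NVD record itself is the false positive tracked in the linked DependencyCheck issue, one sentence in the notes saying so would spare the next reader the lookup. The tomcat-jasper-el entries appear re-added unchanged apart from whitespace the rendering hides, so they are not re-reviewed here.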

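--- a/pom.xml
+++ b/pom.xml
@@ -114,7 +114,7 @@
 <dependency>
 <groupId>org.yaml</groupId>
 <artifactId>snakeyaml</artifactId>
-<version>1.28</version>
+<version>1.32</version>
 </dependency>
 <!-- due to https://bugs.openjdk.java.net/browse/JDK-8231581 OOTB JRE is not sufficient -->
 <dependency>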
