Bug#1064146: Update snakeyaml to v2.2 or later

Jérôme Charaoui jerome at riseup.net
Sat Feb 17 18:16:25 GMT 2024


Package: snakeyaml
Severity: wishlist

Dear maintainer,

Please upgrade snakeyaml to the latest version.

To help prevent remote code execution vulnerabilities, snakeyaml 2.2 and 
later disallows global tags by default.

This has prompted a number of projects to migrate to this new release, 
Puppet Server and PuppetDB, among others.

Thank you!

-- Jerome



More information about the pkg-java-maintainers mailing list