Hi,
As per NVD, the SnakeYAML 1.23 version present in readonlyrest-1.26.1_es7.10.0.zip
is vulnerable to CVE-2017-18640.
Vulnerability Link: NVD - CVE-2017-18640
Please look into this.
Hi,
As per NVD, the SnakeYAML 1.23 version present in readonlyrest-1.26.1_es7.10.0.zip
is vulnerable to CVE-2017-18640.
Vulnerability Link: NVD - CVE-2017-18640
Please look into this.
Hi @coutoPL,
I have upgraded the ROR version to 1.31 but its seems SnakeYAML 1.29 version is recommended version with no known vulnerability as of now.
did SnakeYAML fix that memory leak that costed us a lot of sweat to debug? We ended up downgrading to an older version back then.
I seems that SnakeYAML > 1.25 doesn’t have this issue. To be sure I run profiler and a test script and I don’t see a leak in 1.29