CVE-2022-38752 #737

marcchanwork · 2022-09-14T02:34:59Z

Hello, I would like to request update for org.yaml:snakeyaml package to 1.32. This will fix CVE-2022-38752 detected in 0.17.1 version. Thanks!

fstab · 2022-09-14T07:37:43Z

Thanks for the heads-up, I'll release an update in the next couple of days. Oh my, #734 was just a couple of days ago.

everking · 2022-09-21T06:36:29Z

@fstab - First of all, I like your git login "fstab", just like the linux command. :-)

We're also waiting for the version bump for snakeyaml to 1.32. Have you thought about when it will be released?

Thanks for your help and for being patient to impatient folks like me!

fstab · 2022-09-21T22:20:59Z

0.17.2 released 🎉.

Downloads aren't on https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/ yet, but I guess it just takes a couple of minutes for Sonatype to sync.

fstab · 2022-09-21T22:27:18Z

Ok, repositories are synced now and download links work. Thanks for reporting!

everking · 2022-09-21T22:28:23Z

Thank you @fstab! ... and to @marcchanwork for reporting... probably saved us a few days.

fstab added a commit that referenced this issue Sep 21, 2022

Bump snakeyaml version #737

be66c4f

fstab closed this as completed Sep 21, 2022

Provide feedback