spring-framework

History

Andrey Somov 097758baf3 Upgrade to SnakeYAML 2.0 This commit raises the SnakeYAML baseline version to 2.0. While most Spring applications are not affected by CVE-2022-1471, upgrading this version should prevent automated tools from raising this as a security issue. Such tools usually do not understand that YAML parsing in Spring is about reading configuration, not parsing untrusted content. Closes gh-30048	2023-05-22 14:31:27 +02:00
..
framework-platform.gradle	Upgrade to SnakeYAML 2.0	2023-05-22 14:31:27 +02:00

Andrey Somov 097758baf3 Upgrade to SnakeYAML 2.0

This commit raises the SnakeYAML baseline version to 2.0.
While most Spring applications are not affected by CVE-2022-1471,
upgrading this version should prevent automated tools from raising this
as a security issue. Such tools usually do not understand that YAML
parsing in Spring is about reading configuration, not parsing untrusted
content.

Closes gh-30048

2023-05-22 14:31:27 +02:00

framework-platform.gradle

Upgrade to SnakeYAML 2.0

2023-05-22 14:31:27 +02:00