[jenkinsci/yaml-axis-plugin] a299e1: Upgrade snakeyaml to 1.26

GO Sueyoshi Mon, 06 Apr 2020 16:43:25 -0700

  Branch: refs/heads/SECURITY-1825
  Home:   https://github.com/jenkinsci/yaml-axis-plugin
  Commit: a299e138ee8a2d462d11a475f00eff0ac34d35ec
      
https://github.com/jenkinsci/yaml-axis-plugin/commit/a299e138ee8a2d462d11a475f00eff0ac34d35ec
  Author: sue445 <sue...@sue445.net>
  Date:   2020-04-06 (Mon, 06 Apr 2020)


  Changed paths:
    M build.gradle

  Log Message:
  -----------
  Upgrade snakeyaml to 1.26

for preventing billion laughs attack


  Commit: 356a7baf3fa343f3bb999ea03c11bdd40b02088d
      
https://github.com/jenkinsci/yaml-axis-plugin/commit/356a7baf3fa343f3bb999ea03c11bdd40b02088d
  Author: sue445 <sue...@sue445.net>
  Date:   2020-04-06 (Mon, 06 Apr 2020)

  Changed paths:
    M src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlFileLoader.groovy
    M src/main/groovy/org/jenkinsci/plugins/yamlaxis/YamlTextLoader.groovy

  Log Message:
  -----------
  Pass SafeConstructor

for preventing remote code execution vulnerability
https://bitbucket.org/asomov/snakeyaml/wiki/Documentation


Compare: 
https://github.com/jenkinsci/yaml-axis-plugin/compare/a299e138ee8a%5E...356a7baf3fa3

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/yaml-axis-plugin/push/refs/heads/SECURITY-1825/000000-356a7b%40github.com.

[jenkinsci/yaml-axis-plugin] a299e1: Upgrade snakeyaml to 1.26

Reply via email to