-
Notifications
You must be signed in to change notification settings - Fork 38.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow SnakeYaml 2.0 runtime compatibility #30097
Comments
SnakeYaml is an optional dependency for Spring Framework. The commit you're pointing out merely raises the minimum version and changes an implementation to avoid deprecation warnings. Is there a runtime issue with SnakeYaml 2.0 and Spring Framework 5.3.x? Can you report the stacktrace here and a minimal application reproducing the problem? Note that Spring Boot 2.7.x is already targeting SnakeYaml 2.0 compatibility (see spring-projects/spring-boot#34405) and it is based on Spring Framework 5.3.x. |
Stack
See github action run for https://github.com/cloudfoundry/uaa/pull/2219/checks from cloudfoundry/uaa#2219 |
as far as I have understood snakeyaml the change from |
This commit ensures that SnakeYaml 2.0 is compatible at runtime with Spring Framework 5.3.x with the `YamlProcessor` support. The baseline version for SnakeYaml remains the same. Closes gh-30097
Closed with d00fd4c. |
Affects: 5.3.x
Please upgrade snakeyaml to 2.0 in branch 5.3.x, e.g. or take 9712bb6
This would help many projects to get free of CVE blaming regarding snakeyaml
The text was updated successfully, but these errors were encountered: