bump version of snakeyaml to fix security issue in snakeyaml < 1.26 #11167
PR checklist
./bin/ to update Petstore sample so that CIs can verify the change. (For instance, only need to run ./bin/{LANG}-petstore.sh and ./bin/security/{LANG}-petstore.sh if updating the {LANG} (e.g. php, ruby, python, etc) code generator or {LANG} client's mustache templates). Windows batch files can be found in .\bin\windows\.
3.0.0 branch for changes related to OpenAPI spec 3.0. Default: master.
Description of the PR
Version bump of snakeyaml to recent version in order to fix a security vulnerability in snakeyaml < 1.26.
Background: One of my clients uses Blackduck to scan security of their products.
Blackduck reported swagger-codegen-cli-2.4.21.jar to have transitive dependency to snakeyaml-1.24.
"SnakeYAML is vulnerable to a billion laughs attack. An attacker able to supply specially crafted input to the application could cause excessive memory consumption, resulting in a denial-of-service (DoS)."
SnakeYaml Issue: https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
Fixed in https://bitbucket.org/asomov/snakeyaml/src/snakeyaml-1.26/
Fix Commit ID: https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
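
An added example, not part of the PR or the project's code: a check that reports which dependency path pulls in a SnakeYAML older than 1.26, the kind of transitive finding the Blackduck scan raised. It assumes the text output of Maven's `dependency:tree`; the tree below is constructed and the intermediate artifacts are placeholders.

```python
import re

FIXED = (1, 26)  # first SnakeYAML release with the fix, per the PR description

# Constructed `mvn dependency:tree` output; "example:*" artifacts are placeholders.
SAMPLE_TREE = """\
[INFO] io.swagger:swagger-codegen-cli:jar:2.4.21
[INFO] +- example:intermediate-lib:jar:0.0.0:compile
[INFO] |  +- example:other-lib:jar:0.0.0:compile
[INFO] |  \\- org.yaml:snakeyaml:jar:1.24:compile
[INFO] \\- example:logging-lib:jar:0.0.0:compile
"""

# Each nesting level is a 3-character group: "|  ", "   ", "+- " or "\- ".
LINE = re.compile(r"^\[INFO\] ((?:\|  |   |\+- |\\- )*)(\S+:\S+)$")


def numeric(version):
    """Leading major/minor numbers of a version string, e.g. '1.24' -> (1, 24)."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:2])


def vulnerable_paths(tree_text, artifact="org.yaml:snakeyaml", fixed=FIXED):
    """Return (version, path) for each occurrence of artifact older than fixed."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner lines, warnings, blank lines
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        if len(parts) < 4:
            continue
        # Root is group:artifact:type:version; children end with :version:scope.
        version = parts[3] if len(parts) == 4 else parts[-2]
        del stack[depth:]  # leave the previous branch before descending
        stack.append(":".join(parts[:2]))
        if stack[-1] == artifact and numeric(version) < fixed:
            hits.append((version, " > ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, path in vulnerable_paths(SAMPLE_TREE):
        print(f"snakeyaml {version} < 1.26 via {path}")
```

The reported path shows whether the fix belongs in a direct dependency declaration or needs a version override for the artifact that brings SnakeYAML in.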