Hi,
What workaround does the Spring Boot team recommend, as Spring Boot 2.7.18, which was just released, still contains the CVE-2022-1471 vulnerability from snakeyaml 1.30?
I suppose using snakeyaml 2.x is not an option?
Thanks.
Comment From: scottfrederick
I assume you meant Spring Boot 2.7.18 instead of 2.18, and edited your question accordingly. If that's not the case then please clarify.
See the discussion in #33457 for some options, which include not using YAML for property files and upgrading to a newer version of Spring Boot that does use SnakeYAML 2.x.
Comment From: JeromeSimmonds
Yes, 2.7.18, thanks for fixing, and for your answer.