[Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471

### What happened?

Here is a document outlining why Beam is not vulnerable to CVE-2022-1471:

https://s.apache.org/beam-and-cve-2022-1471

The shortest explanation is that Beam depends on SnakeYAML through `jackson-dataformat-yaml`, and `jackson-dataformat-yaml` is not vulnerable to it (see https://github.com/FasterXML/jackson-dataformats-text/issues/361)

### Issue Priority

Priority: 2 (default / most bugs should be filed as P2)

### Issue Components

- [ ] Component: Python SDK
- [ ] Component: Java SDK
- [ ] Component: Go SDK
- [ ] Component: Typescript SDK
- [X] Component: IO connector
- [ ] Component: Beam examples
- [ ] Component: Beam playground
- [ ] Component: Beam katas
- [ ] Component: Website
- [ ] Component: Spark Runner
- [ ] Component: Flink Runner
- [ ] Component: Samza Runner
- [ ] Component: Twister2 Runner
- [ ] Component: Hazelcast Jet Runner
- [ ] Component: Google Cloud Dataflow Runner

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471 #25449

What happened?

Issue Priority

Issue Components

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug]: Beam depends on SnakeYAML, but is not vulnerable to CVE-2022-1471 #25449

Description

What happened?

Issue Priority

Issue Components

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions