I am currently using Elasticsearch 7.17.14 and Logstash 7.17.14. Scanning shows that both of these applications are using the snakeyaml 1.0 version jar package, and there are security issues with snakeyaml versions smaller than 2.0. I hope to upgrade snakeyaml to version 2.0 or above through a minor version in version 7.17. Thank you!
Per the instructions here:
Reports of potential security issues, including CVEs in dependencies, should be reported to our security team. We do not discuss them here.