Snakeyaml vulnerability (CVE-2022-1471) on latest ES version


Need help regarding CVE-2022-1471 (snakeyaml):

  1. Is there any fix for that in any ES version?
    AFAIK, in the latest version, this package hasn't been updated.
  2. Is there any plan to update the damaged package of snakeyaml?
  3. Can I manually change the snakeyaml version? and how? (elasticsearch.yml maybe?)

The main reason this change is required is that we can't upload new images to GCP marketplace due to this vulnerability that is caused by ES.


We would rather not discuss potential security issues here. Please see this page for more information on the proper process to raise such issues:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.