Snakeyaml vulnerability (CVE-2022-1471) on latest ES version

Aviv_Nevo · March 16, 2023, 1:13pm

Hi

Need help regarding CVE-2022-1471 (snakeyaml):

Is there any fix for that in any ES version?
AFAIK, in the latest version, this package hasn't been updated.
Is there any plan to update the damaged package of snakeyaml?
Can I manually change the snakeyaml version? and how? (elasticsearch.yml maybe?)

The main reason this change is required is that we can't upload new images to GCP marketplace due to this vulnerability that is caused by ES.

DavidTurner · March 16, 2023, 3:02pm

We would rather not discuss potential security issues here. Please see this page for more information on the proper process to raise such issues:

system · April 13, 2023, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.