In the latest version of Logstash, SnakeYAML dependency was bumped to 1.33 but it seems that is vulnerable as well. The vulnerability CVE-2022-1471 is a critical one with score of 9.8.
Are there plans to bump it to 2.0 in next release?
Please see Security issues | Elastic;
Users and customers may report any other potential security issues to firstname.lastname@example.org. This address can be used for product security related inquiries or requests about other security topics that are not explicitly mentioned here. We can accept only security issues at this address. Bug reports should be directed to the bug database of the project you're reporting it on or raised to Elastic Support.