-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
None
-
None
Book: Developing applications for Web Services
Chapter: 2.4.11. YAML Provider
Could you please add a note which says that it is not recommended to use yaml provider because of the security vulnerability:
RESTEasy has a provider for YAML using the SnakeYAML library.
The usage of the module is not recommended due to security issue in SnakeYAML library used by RESTEasy for unmarshaling. If you want to enable this anyway,
you must update the following dependencies into the project POM file of your application...
- is cloned by
-
JBEAP-13480 [7.1] Development guide for Webservices - Yaml provider note that it is not recommended
- Closed
- relates to
-
JBEAP-13407 [7.0] Fix Migration guide for EAP 7.0
- Closed