Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.10.CR1, 7.4.10.GA
Affects Version/s: 7.4.8.GA
Component/s: Management
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/jbossas/wildfly-core-eap/pull/1206
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution

Update the YAML Configuration Extension so that it won't try to deserialize yaml to java classes.

clones

WFCORE-6169 Disable YAML deserialization in the YAML Configuration Extension

Resolved

is incorporated by

JBEAP-24385 (7.4.z) Upgrade WildFly Core from 15.0.22.Final-redhat-00001 to 15.0.23.Final-redhat-00001

Closed

Assignee:: Emmanuel Hugonnet

Reporter:: Emmanuel Hugonnet

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2022/12/13 1:12 PM

Updated:: 2024/08/19 2:00 PM

Resolved:: 2023/02/03 9:01 AM