Fork me on GitHub
#clj-yaml
<
2022-12-08
>
lread15:12:42

This particular CVE saga carries on. I'm not sure what Andrey's position is anymore but he has re-opened the https://bitbucket.org/snakeyaml/snakeyaml/issues/561 he previously closed at wontfix. In any case, I feel for him, not a ton of fun. Since clj-yaml took the safe-by-default approach, I feel we are still unaffected by this particular CVE.