From fe8b22ca8f44bd48cb00d14bc988599d971b81ca Mon Sep 17 00:00:00 2001
From: Brahma Reddy Battula <brahma@apache.org>
Date: Wed, 28 Oct 2020 09:26:52 -0700
Subject: [PATCH] HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate
 CVE-2017-18640. Contributed by Brahma Reddy Battula.

Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
(cherry picked from commit eb84793af1e48db05ab827d0cf09963a430615ed)
---
 hadoop-project/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 2d7f40c3199..6d77b5e6fa5 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -195,7 +195,7 @@
     <declared.hadoop.version>${hadoop.version}</declared.hadoop.version>
 
     <swagger-annotations-version>1.5.4</swagger-annotations-version>
-    <snakeyaml.version>1.16</snakeyaml.version>
+    <snakeyaml.version>1.26</snakeyaml.version>
     <hbase.one.version>1.4.8</hbase.one.version>
     <hbase.two.version>2.0.2</hbase.two.version>
     <junit.version>4.12</junit.version>