From 5c87aed6b523bbefa28f871f49cb4dcc30d2bff4 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Thu, 2 Apr 2020 09:47:05 -0700
Subject: [PATCH] Fix #187

---
 release-notes/VERSION-2.x | 4 ++++
 yaml/pom.xml              | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 9499bd8a..f2328bb3 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -8,6 +8,10 @@ Modules:
 === Releases ===
 ------------------------------------------------------------------------
 
+2.9.10.1 (not released)
+
+#187: Update to SnakeYAML 1.26 to address CVE-2017-18640
+
 2.9.10 (21-Sep-2019)
 
 No changes since 2.9.9
diff --git a/yaml/pom.xml b/yaml/pom.xml
index 4cce70c4..88624abb 100644
--- a/yaml/pom.xml
+++ b/yaml/pom.xml
@@ -30,7 +30,7 @@
     <dependency>
       <groupId>org.yaml</groupId>
       <artifactId>snakeyaml</artifactId>
-      <version>1.23</version>
+      <version>1.26</version>
     </dependency>
 
      <!-- and for testing need annotations -->