Our scanner reported that the Liferay DXP image as well as the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYaml.
Could you please confirm if we have to address this vulnerability?
Environment
DXP 7.4
Resolution
CVE-2022-1471 was addressed in DXP 7.4 u75, so u75 and higher versions are secure against it.
Additional Information
The scanner warning appears because the vulnerability is present in Sidecar (the Elasticsearch instance embedded in Liferay). However, Sidecar should not be used in a production environment.