YAML is a human-readable data-serialization language that’s commonly used for config files. The word YAML is an acronym for “YAML ain’t a markup language”, and the format was first released in 2001. You can compare YAML to JSON or XML, as all of them are text-based structured formats.
YAML files are often used to configure applications, application servers, or clusters. YAML is a very common format in Spring Boot applications and, of course, for configuring Kubernetes. However, as with JSON and XML, you can also use YAML to serialize and deserialize data.
Most importantly, manually importing YAML in your Java application with an outdated version of snakeyaml might get you into trouble.
For instance, do you have any idea what this code below does and how it can affect your Java application?
Read the full article to understand what it does and how to prevent it in your Java application.
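As an added illustration (not the snippet the article refers to, and not code from the snakeyaml project), this is one way to load YAML defensively in Java: `SafeConstructor` builds only standard YAML types, so a document whose tag names a Java class is rejected instead of instantiated. The class name `SafeYamlLoading`, the helper names, the limit values and both sample documents are assumptions made for this example, and the `LoaderOptions` limit setters assume a recent snakeyaml release.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoading {

    // Build a loader that only constructs standard YAML types
    // (maps, lists, strings, numbers, booleans, timestamps).
    static Yaml safeYaml() {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);     // reject ambiguous config
        options.setMaxAliasesForCollections(20);  // bound alias expansion
        options.setNestingDepthLimit(20);         // bound nesting depth
        options.setCodePointLimit(1024 * 1024);   // bound input size (illustrative value)
        return new Yaml(new SafeConstructor(options));
    }

    // Returns the parsed mapping; throws YAMLException for anything the safe loader refuses.
    static Map<String, Object> loadConfig(String text) {
        Object root = safeYaml().load(text);
        if (!(root instanceof Map)) {
            throw new YAMLException("top-level mapping expected");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> map = (Map<String, Object>) root;
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary config document.
        String plain = "server:\n  port: 8080\n  host: localhost\n";
        // Constructed sample input: a value whose global tag names a Java class.
        String tagged = "server: !!java.util.concurrent.atomic.AtomicInteger [8080]\n";

        System.out.println("plain  -> " + loadConfig(plain));
        try {
            loadConfig(tagged);
            System.out.println("tagged -> accepted (unexpected)");
        } catch (YAMLException e) {
            System.out.println("tagged -> rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Run it with the snakeyaml jar on the classpath; the same `safeYaml()` loader can be used wherever the application reads YAML it did not write itself.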