In February 2024, Polli, et al. published RFC 9512, registering the application/yaml media type and the +yaml structured syntax suffix with IANA. This document aims to increase interoperability and content negotiation when exchanging YAML streams and resources. It also provides security considerations related to YAML, especially regarding potential arbitrary code execution and resource exhaustion issues due to the graph structure of YAML documents. Implementers need to be cautious when handling YAML tags, enabling safe deserialization processes, and preventing infinite loops. The document highlights the evolving nature of YAML and its relationship with JSON, offering guidelines for handling fragment identifiers and considering interoperability issues.
https://www.rfc-editor.org/rfc/rfc9512.html