Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Current version of apache commons json is affected by https://nvd.nist.gov/vuln/detail/CVE-2022-47937
Due to the relicenced base library (https://github.com/stleary/JSON-java), that now uses the 'public domain', the fix of that CVE is as simple as migrating to the latest codebase of said library.
Along this, it would be beneficial to perform some side activities, such as the upgrade to the latest parent pom and junit5.
Attachments
Issue Links
- relates to
-
LEGAL-666 Use of org.json with public domain license
- Closed
- links to