Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-12268

Fix CVE-2022-47937

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • Commons JSON 2.0.24
    • Commons
    • None

    Description

      Current version of apache commons json is affected by https://nvd.nist.gov/vuln/detail/CVE-2022-47937

      Due to the relicenced base library (https://github.com/stleary/JSON-java), that now uses the 'public domain', the fix of that CVE is as simple as migrating to the latest codebase of said library.

      Along this, it would be beneficial to perform some side activities, such as the upgrade to the latest parent pom and junit5.

      Attachments

        Issue Links

          relates to

          Question - A formal question. Initially added for the Legal JIRA. LEGAL-666 Use of org.json with public domain license

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #2

          Activity

            People

              rliechti Remo Liechti
              rliechti Remo Liechti
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: