Description
The json-smart have a 2.4.7 release that has CVE fixes, and we can add it back. The json-smart is not really in use as we use jackson however OSGi is of course half-fucked so there are some package imports so you end up having to have the JARs.