Skip to content

update json-smart to 2.4.1 and accessors-smart to 1.3#656

Closed
sseide wants to merge 2 commits intoapache:masterfrom
sseide:update_jsonsmart
Closed

update json-smart to 2.4.1 and accessors-smart to 1.3#656
sseide wants to merge 2 commits intoapache:masterfrom
sseide:update_jsonsmart

Conversation

@sseide
Copy link
Contributor

@sseide sseide commented Apr 7, 2021

Description

This PR updates the used net.minidev:json-smart library to version 1.3 to fix a security warning. The accessors-smart lib is updated too as it belongs to json-smart and is released together

Issue discussing the update is here: netplex/json-smart-v2#62

Due to the long time since last release the gpg key has changed from the maintainer and checksum.xml was updated too.

Motivation and Context

fix security warning with CVE-2021-27568 affecting everything up to json-smart 2.4. At least NIST/MITRE assign it a HIGH criticallity by now.

How Has This Been Tested?

run gradlew check and use it for some days on our own setup.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.

@asfgit asfgit closed this in 5a5cb21 Apr 10, 2021
@FSchumacher
Copy link
Contributor

FSchumacher commented Apr 10, 2021

Thanks for the PR

@sseide sseide deleted the update_jsonsmart branch June 7, 2021 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sseide @FSchumacher