Hi,

A long time ago we retired the commons.json module for legal reasons [1], leaving it only in the SVN attic [2].

After some time a CVE was reported against this module [3] which we could not fix as we could not release new versions. In the meantime, the JSON library we have been using has changed its license to 'Public domain', which makes it acceptable for use at the ASF. [4]

I would like to create a GitHub repository for this module and include the current state from the attic. This opens up the way for creating a final service release, allowing consumers of this bundle that have not cleaned up their usages to use non-vulnerable versions.

I will leave this thread open for comments for 72 hours.

Thanks,
Robert

[1]: https://lists.apache.org/thread/p9rmd9dvgk04h36dtm6vn0bj6dkx0hkk
[2]: https://svn.apache.org/repos/asf/sling/attic/commons.json/
[3]: https://www.cve.org/CVERecord?id=CVE-2022-47937
[4]: https://issues.apache.org/jira/browse/LEGAL-666