[ https://issues.apache.org/jira/browse/SLING-12268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17828315#comment-17828315 ]

Remo Liechti commented on SLING-12268:
--------------------------------------

The PR is https://github.com/apache/sling-org-apache-sling-commons-json/pull/2

> Fix CVE-2022-47937
> ------------------
>
>                 Key: SLING-12268
>                 URL: https://issues.apache.org/jira/browse/SLING-12268
>             Project: Sling
>          Issue Type: Bug
>          Components: Commons
>            Reporter: Remo Liechti
>            Priority: Major
>
> Current version of apache commons json is affected by
> [https://nvd.nist.gov/vuln/detail/CVE-2022-47937]
> Due to the relicenced base library ([https://github.com/stleary/JSON-java]),
> that now uses the 'public domain', the fix of that CVE is as simple as
> migrating to the latest codebase of said library.
> Along this, it would be beneficial to perform some side activities, such as
> the upgrade to the latest parent pom and junit5.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)