[ https://issues.apache.org/jira/browse/SLING-12304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu updated SLING-12304: ------------------------------------ Fix Version/s: Commons JSON 2.0.28 > Broken backwards compatibility: out of order json object > -------------------------------------------------------- > > Key: SLING-12304 > URL: https://issues.apache.org/jira/browse/SLING-12304 > Project: Sling > Issue Type: Bug > Affects Versions: Commons JSON 2.0.26 > Reporter: Remo Liechti > Priority: Critical > Fix For: Commons JSON 2.0.28 > > > The fix of CVE-2022-47937 introduced an invalid backwards compatibility for > the order in jsonobject. > New behaviour: has the keys unordered, as JsonObject uses a HashMap. > Old behaviour: Kept insertion order of keys as JsonObject used LinkedHashMap. > To no break existing users of the library, reestablish the old behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)