[jira] [Resolved] (CALCITE-6124) Upgrade json-path version to 2.8.0

Benchao Li (Jira) Fri, 17 Nov 2023 05:47:06 -0800


     [ 
https://issues.apache.org/jira/browse/CALCITE-6124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Benchao Li resolved CALCITE-6124.
---------------------------------
    Fix Version/s: 1.37.0
         Assignee: Yubin Li
       Resolution: Fixed

Fixed via 
[https://github.com/apache/calcite/commit/d0f0214c6a5f2fc16672ac1166d499fd9bbdec5e]

[~liyubin117] Thanks for your contribution!

> Upgrade json-path version to 2.8.0
> ----------------------------------
>
>                 Key: CALCITE-6124
>                 URL: https://issues.apache.org/jira/browse/CALCITE-6124
>             Project: Calcite
>          Issue Type: Bug
>          Components: core
>            Reporter: Yubin Li
>            Assignee: Yubin Li
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.37.0
>
>
> json-path has critical bugs in 2.7.0 used in Caclite project, see 
> [https://github.com/json-path/JsonPath/issues/906]
> cve: [https://www.cve.org/CVERecord?id=CVE-2023-1370]
> the current version is vulnerable to Denial of Service (DoS) due to a 
> StackOverflowError when parsing a deeply nested JSON array or object, and the 
> issue has been fixed in 2.8.0.
> We should bump to to the latest version to resolve it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CALCITE-6124) Upgrade json-path version to 2.8.0

Reply via email to