As part of the core dependencies, json-lib has not been updated for a decade and depends on an outdated version of commons-lang2. https://github.com/jenkinsci/jenkins/pull/8996#issuecomment-2033276342
I have created a Jira issue for the modernization of json-lib, which has been added to the Jira epic "Core and core component dependency debt" as a part of it. https://issues.jenkins.io/browse/JENKINS-72981 https://issues.jenkins.io/browse/JENKINS-68689 The following phased plan is proposed: Step 1: Merge the exclusive dependency of json-lib, ezmorph, directly into our forked json-lib repository. We plan to release it in a single jar package in the future. (Already create a PR: https://github.com/jenkinsci/json-lib/pull/8) Step 2: Update the code to replace all uses of commons-lang2 with Java native API. Step 3: Rebuild the CI release process for json-lib and release a new version. Thanks Bob Du -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEc6OW%2Bphes6EosTDh5%3DSg%3DYdNOtTHd4rGnBCVATQrKGyTBkbw%40mail.gmail.com.
