[jira] [Created] (SLING-12304) Broken backwards compatibility: out of order json object
Remo Liechti created SLING-12304: Summary: Broken backwards compatibility: out of order json object Key: SLING-12304 URL: https://issues.apache.org/jira/browse/SLING-12304 Project: Sling Issue Type: Bug Affects Versions: Commons JSON 2.0.26 Reporter: Remo Liechti The fix of CVE-2022-47937 introduced an invalid backwards compatibility for the order in jsonobject. New behaviour: has the keys unordered, as JsonObject uses a HashMap. Old behaviour: Kept insertion order of keys as JsonObject used LinkedHashMap. To no break existing users of the library, reestablish the old behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12291) Broken backwards compatibility for duplicated keys
Remo Liechti created SLING-12291: Summary: Broken backwards compatibility for duplicated keys Key: SLING-12291 URL: https://issues.apache.org/jira/browse/SLING-12291 Project: Sling Issue Type: Bug Reporter: Remo Liechti The fix of CVE-2022-47937 introduced an invalid backwards compatibility for duplicated keys in a json. New behaviour: throws an exception on duplicated keys Old behaviour: ignores the fact and is able to process json with duplicated keys. To no break existing users of the library, reestablish the old behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12291) Broken backwards compatibility for duplicated keys
[ https://issues.apache.org/jira/browse/SLING-12291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Remo Liechti updated SLING-12291: - Affects Version/s: Commons JSON 2.0.24 > Broken backwards compatibility for duplicated keys > -- > > Key: SLING-12291 > URL: https://issues.apache.org/jira/browse/SLING-12291 > Project: Sling > Issue Type: Bug >Affects Versions: Commons JSON 2.0.24 >Reporter: Remo Liechti >Priority: Major > > The fix of CVE-2022-47937 introduced an invalid backwards compatibility for > duplicated keys in a json. > New behaviour: throws an exception on duplicated keys > Old behaviour: ignores the fact and is able to process json with duplicated > keys. > To no break existing users of the library, reestablish the old behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12269:
-
Description:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{code:java}
public String getString(String key) throws JSONException {
return get(key).toString();
}{code}
*New:*
{{}}
{code:java}
public String getString(String key) throws JSONException {
Objectobject=this.get(key);
if (objectinstanceofString) {
return (String) object;
}
throwwrongValueFormatException(key, "string", object, null);
}{code}
Same is true for all other types, such as getInt, getLong etc.
There might be more such small differences in behaviour.
was:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
Same is true for all other types, such as getInt, getLong etc.
There might be more such small differences in behaviour.
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
> Attachments: SLING-12269.patch
>
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {code:java}
> public String getString(String key) throws JSONException {
> return get(key).toString();
> }{code}
> *New:*
> {{}}
> {code:java}
> public String getString(String key) throws JSONException {
> Objectobject=this.get(key);
> if (objectinstanceofString) {
> return (String) object;
> }
> throwwrongValueFormatException(key, "string", object, null);
> }{code}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828626#comment-17828626
]
Remo Liechti commented on SLING-12269:
--
to restore the happy path functionality, it is enough to patch getString of
JSONObject and JSONArray. However, the edge cases now throw different
exceptions (before: ClassCast, NumberFormat. Now: JsonException)
Please see attached patch that would give us the same old behavior, with
slightly adapted unit tests. Marked the two lines changed in JSONObject and
JSONArray as well as added a note to the manual steps in the readme.
[^SLING-12269.patch]
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
> Attachments: SLING-12269.patch
>
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12269:
-
Attachment: SLING-12269.patch
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
> Attachments: SLING-12269.patch
>
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828433#comment-17828433
]
Remo Liechti commented on SLING-12269:
--
not so sure, if somebody was actually having an inputfield on a UI where the
user could enter some numbers, and was checking for NumberFormatException in
order to present a proper error message to the user, this could be broken.
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 4:05 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{code:java}
public long getLong(String key) throws JSONException{
Object o = get(key);
return o instanceof Number ?
((Number)o).longValue() : Long.valueOf((String)o).longValue();
}{code}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{code:java}
public long getLong(String key) throws JSONException {
final Object object = this.get(key);
if (object instanceof Number){
return ((Number) object).longValue();
}
try{
return Long.parseLong(object.toString());
}catch (Exception e){
throw wrongValueFormatException(key, "long", object, e);
}
}{code}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{public long getLong(String key) throws JSONException{}}
{{ Object o = get(key);}}
{{ return o instanceof Number ?}}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
public long getLong(String key) throws JSONException {
}}{{ final Object object = this.get(key);
}}{{ if (object instanceof Number){
{{ return ((Number) object).longValue();}}
{{ }}}
try{
{{ return Long.parseLong(object.toString());}}
}catch (Exception e){
{{ throw wrongValueFormatException(key, "long", object, e);}}
{{ }}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 4:03 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{public long getLong(String key) throws JSONException{}}
{{ Object o = get(key);}}
{{ return o instanceof Number ?}}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
public long getLong(String key) throws JSONException {
}}{{ final Object object = this.get(key);
}}{{ if (object instanceof Number){
{{ return ((Number) object).longValue();}}
{{ }}}
try{
{{ return Long.parseLong(object.toString());}}
}catch (Exception e){
{{ throw wrongValueFormatException(key, "long", object, e);}}
{{ }}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{public long getLong(String key) throws JSONException{}}
{{ Object o = get(key);}}
{{ return o instanceof Number ?}}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{{{{{}catch (Exception e){}}}}}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 4:01 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{public long getLong(String key) throws JSONException{}}
{{ Object o = get(key);}}
{{ return o instanceof Number ?}}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{{{{{}catch (Exception e){}}}}}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
public long getLong(String key) throws JSONException{
}} Object o = get(key);}}
return o instanceof Number ?}} }}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{{{{{}catch (Exception e){}}}}}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 4:01 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
public long getLong(String key) throws JSONException{
}} Object o = get(key);}}
return o instanceof Number ?}} }}
{{ ((Number)o).longValue() : Long.valueOf((String)o).longValue();}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{{{{{}catch (Exception e){}}}}}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}{{{}{{}}}
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}{{{}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 4:00 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}{{{}{{}}}
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}{{{}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}}}{{}}}
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 3:59 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}}}{{}}}
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{{}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}}}{
{{
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}}}{ {{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}}}{ {}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 3:59 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}}}{
{{
Object o = get(key);
{{ return o instanceof Number ? }}
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}}}{ {}}}
return ((Number) object).longValue();
{{{} try{}}}}}{ {{
return Long.parseLong(object.toString());
{{{} }{}}}{{{}catch (Exception e){}}}}}{ {}}}
throw wrongValueFormatException(key, "long", object, e);
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}{{{}{ {}}}
{{ Object o = get(key); }}
{{ return o instanceof Number ? }}
{{ ((Number)o).longValue() : }}
{{ Long.valueOf((String)o).longValue(); }}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}{{{}{ {}}}
{{ return ((Number) object).longValue(); }}
{{ }}}{{ }}
{{{} try{}}}{{{}{ {}}}
{{ return Long.parseLong(object.toString()); }}
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{ {}}}
{{ throw wrongValueFormatException(key, "long", object, e); }}}{{
}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti edited comment on SLING-12269 at 3/19/24 3:58 PM:
---
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
{{{}public long getLong(String key) throws JSONException{}}}{{{}{ {}}}
{{ Object o = get(key); }}
{{ return o instanceof Number ? }}
{{ ((Number)o).longValue() : }}
{{ Long.valueOf((String)o).longValue(); }}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
{{public long getLong(String key) throws JSONException {}}
{{ final Object object = this.get(key);}}
{{{} if (object instanceof Number){}}}{{{}{ {}}}
{{ return ((Number) object).longValue(); }}
{{ }}}{{ }}
{{{} try{}}}{{{}{ {}}}
{{ return Long.parseLong(object.toString()); }}
{{{} }{}}}{{{}catch (Exception e){}}}{{{}{ {}}}
{{ throw wrongValueFormatException(key, "long", object, e); }}}{{
}}
{{}}}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
was (Author: JIRAUSER304615):
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
public long getLong(String key) throws JSONException {
Object o = get(key);
return o instanceof Number ?
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
public long getLong(String key) throws JSONException {
final Object object = this.get(key);
if (object instanceof Number) {
return ((Number) object).longValue();
}
try {
return Long.parseLong(object.toString());
} catch (Exception e) {
throw wrongValueFormatException(key, "long", object, e);
}
}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828428#comment-17828428
]
Remo Liechti commented on SLING-12269:
--
Similar Story for JSONArray and maybe more classes, to be checked.
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828427#comment-17828427
]
Remo Liechti commented on SLING-12269:
--
I think the behaviour is changed for all methods.
I.e. for getLong:
*Old:*
public long getLong(String key) throws JSONException {
Object o = get(key);
return o instanceof Number ?
((Number)o).longValue() :
Long.valueOf((String)o).longValue();
}
+Cases+
# Object o is Number: returns long
# Object o is String of format Long: returns long
# Object o is String with invalid format: throws a NumberFormatException
# Object o is no String: throws ClassCastException
*New:*
public long getLong(String key) throws JSONException {
final Object object = this.get(key);
if (object instanceof Number) {
return ((Number) object).longValue();
}
try {
return Long.parseLong(object.toString());
} catch (Exception e) {
throw wrongValueFormatException(key, "long", object, e);
}
}
+Cases+
# Object o is Number: returns long
# Object o is any type, does toString() with valid format: returns long
# Object o is any type, does toString() with invalid format: throws a
JsonException
# throws no more ClassCastException nor NumberFormatException
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12269:
-
Description:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
Same is true for all other types, such as getInt, getLong etc.
There might be more such small differences in behaviour.
was:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
{{Same is true for all other types, such as getInt, getLong etc.}}
{{There might be more such small differences in behaviour.}}
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> Same is true for all other types, such as getInt, getLong etc.
> There might be more such small differences in behaviour.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12269) Changed behaviour in commons json when used as a dependency
[
https://issues.apache.org/jira/browse/SLING-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12269:
-
Description:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
{{Same is true for all other types, such as getInt, getLong etc.}}
{{There might be more such small differences in behaviour.}}
was:
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
{{ }}}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
{{Same is true for all other types, such as getInt, getLong etc.}}
{{There might be more such small differences in behaviour.}}
> Changed behaviour in commons json when used as a dependency
> ---
>
> Key: SLING-12269
> URL: https://issues.apache.org/jira/browse/SLING-12269
> Project: Sling
> Issue Type: Bug
>Reporter: Remo Liechti
>Priority: Blocker
>
> With the new internal release 2.0.22, there seems to be a different behaviour
> when it comes to get values from JSONObject.
> The new version checks for types and throws an exception, as of the old
> version simply called toString() on any object found.
> *Old:*
> {{public String getString(String key) throws JSONException {}}
> {{ return get(key).toString();}}
> {{}}}
> *New:*
> {{public String getString(String key) throws JSONException {}}
> {{ Objectobject=this.get(key);}}
> {{ if (objectinstanceofString) {}}
> {{ return (String) object;}}
> }
> {{ throwwrongValueFormatException(key, "string", object, null);}}
> {{}}}
>
> {{Same is true for all other types, such as getInt, getLong etc.}}
> {{There might be more such small differences in behaviour.}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (SLING-12269) Changed behaviour in commons json when used as a dependency
Remo Liechti created SLING-12269:
Summary: Changed behaviour in commons json when used as a
dependency
Key: SLING-12269
URL: https://issues.apache.org/jira/browse/SLING-12269
Project: Sling
Issue Type: Bug
Reporter: Remo Liechti
With the new internal release 2.0.22, there seems to be a different behaviour
when it comes to get values from JSONObject.
The new version checks for types and throws an exception, as of the old version
simply called toString() on any object found.
*Old:*
{{public String getString(String key) throws JSONException {}}
{{ return get(key).toString();}}
{{}}}
*New:*
{{public String getString(String key) throws JSONException {}}
{{ Objectobject=this.get(key);}}
{{ if (objectinstanceofString) {}}
{{ return (String) object;}}
{{ }}}
{{ throwwrongValueFormatException(key, "string", object, null);}}
{{}}}
{{Same is true for all other types, such as getInt, getLong etc.}}
{{There might be more such small differences in behaviour.}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12268) Fix CVE-2022-47937
[ https://issues.apache.org/jira/browse/SLING-12268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828315#comment-17828315 ] Remo Liechti commented on SLING-12268: -- the PR is https://github.com/apache/sling-org-apache-sling-commons-json/pull/2 > Fix CVE-2022-47937 > -- > > Key: SLING-12268 > URL: https://issues.apache.org/jira/browse/SLING-12268 > Project: Sling > Issue Type: Bug > Components: Commons >Reporter: Remo Liechti >Priority: Major > > Current version of apache commons json is affected by > [https://nvd.nist.gov/vuln/detail/CVE-2022-47937] > Due to the relicenced base library ([https://github.com/stleary/JSON-java)], > that now uses the 'public domain', the fix of that CVE is as simple as > migrating to the latest codebase of said library. > Along this, it would be beneficial to perform some side activities, such as > the upgrade to the latest parent pom and junit5. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12268) Fix CVE-2022-47937
Remo Liechti created SLING-12268: Summary: Fix CVE-2022-47937 Key: SLING-12268 URL: https://issues.apache.org/jira/browse/SLING-12268 Project: Sling Issue Type: Bug Components: Commons Reporter: Remo Liechti Current version of apache commons json is affected by [https://nvd.nist.gov/vuln/detail/CVE-2022-47937] Due to the relicenced base library ([https://github.com/stleary/JSON-java)], that now uses the 'public domain', the fix of that CVE is as simple as migrating to the latest codebase of said library. Along this, it would be beneficial to perform some side activities, such as the upgrade to the latest parent pom and junit5. -- This message was sent by Atlassian Jira (v8.20.10#820010)
