Remo Liechti created SLING-12268: ------------------------------------ Summary: Fix CVE-2022-47937 Key: SLING-12268 URL: https://issues.apache.org/jira/browse/SLING-12268 Project: Sling Issue Type: Bug Components: Commons Reporter: Remo Liechti
Current version of apache commons json is affected by [https://nvd.nist.gov/vuln/detail/CVE-2022-47937] Due to the relicenced base library ([https://github.com/stleary/JSON-java)], that now uses the 'public domain', the fix of that CVE is as simple as migrating to the latest codebase of said library. Along this, it would be beneficial to perform some side activities, such as the upgrade to the latest parent pom and junit5. -- This message was sent by Atlassian Jira (v8.20.10#820010)