Comments (10)
accessors-smart 2.4.10 is released, I let you close the issue.
from json-smart-v2.
V 2.4.11 just released.
the release contains all 3 sub-projects with the last 2.4.11 version number.
no more reference to any 2.4.9 version.
from json-smart-v2.
Confirmed 2.4.11 is released for both json-smart and smart-accessors and the CVE is no longer reporting. Thanks for the update!
from json-smart-v2.
Accessors-smart itself is not concerned by CVE-2023-1370
I can bump the project version, but the code will remain the same.
from json-smart-v2.
Yes, that is true. It would be nice to keep the versions consistent. I typically have my version variables associated to the GitHub repos and when they vary, it's a bit annoying to have to create a new variable. In this instance I have two variables:
netplexJsonSmartV2Version = "2.4.10" // https://github.com/netplex/json-smart-v2
netplexJsonSmartV2AccessorsVersion = "2.4.9" // https://github.com/netplex/json-smart-v2 - split version for accessors
from json-smart-v2.
jsonSmartV2Accessors contains the same code since V2.4.0 so just hard code jsonSmart Accessors version in your maven files.
I will try to push a new copy tomorrow.
from json-smart-v2.
Any movement on pushing a 2.4.10 accessors-smart version? Our tooling is also complaining about the mentioned CVE.
from json-smart-v2.
accessors-smart 2.4.10 does not seem to be on the Maven repos - see https://mvnrepository.com/artifact/net.minidev/accessors-smart
Would it be possible to do an official build of this jar?
from json-smart-v2.
Exactly, I see version 2.4.10 in this repository but not in maven central (yet?). Is there any ETA please?
from json-smart-v2.
That's because json-smart 2.4.10 still has accessors-smart 2.4.9 as dependency. There's no accessors-smart 2.4.10. Could you please update?
from json-smart-v2.
Related Issues (20)
- Integrating json-smart-v2 into OSS-Fuzz HOT 1
- depth limit of 400 when parsing JSON ! Why? HOT 9
- 2.4.9 breaks JSON parser HOT 3
- CVE-2023-1370 CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') HOT 4
- net.minidev.json.parser.ParseException: Malicious payload, having non natural depths. HOT 8
- can suport graalvm-native? HOT 1
- Lacking org.hamcrest.Matcher helpers to perform assertion in unit tests HOT 5
- JSONObject.merge blocks overwriting HOT 1
- Unpack dependencies is failing: Negative time HOT 1
- Parsing partial and incomplete JSON without error HOT 1
- Maintain the precision of a decimal number. HOT 3
- Accessors-smart v2.5.1 is flagged as High CVE HOT 2
- Parent pom for 2.4.4 missing in Maven Central HOT 21
- support latest asm in accessor-smart HOT 4
- Unicode characters are not correctly parsed from byte[] if default charset is not UTF-8
- Signing key is not published HOT 3
- !!!URGENT!!! Upgrading to json-smart 2.4.5 causes missing dependency `net.minidev:accessors-smart:jar:2.4.3` HOT 3
- Java record support HOT 2
- Add a constructor with size parameter on JSONArray and JSONObject classes HOT 3