Vulnerability in org.json:json:20220320 #23565
Also affects:
Related to #23565
Backport of #23935

Checklist:
- [x] Labels (`Team:`, `Type:`, `Source:`, `Module:`) and Milestone set
- [x] Label `Add to Release Notes` or `Not Release Notes content` set
- [x] Request reviewers if possible
- [x] Send backports/forwardports if fix needs to be applied to past/future releases
- [x] New public APIs have `@Nonnull/@Nullable` annotations
- [x] New public APIs have `@since` tags in Javadoc

Related to #23565

Checklist:
- [x] Labels (`Team:`, `Type:`, `Source:`, `Module:`) and Milestone set
- [x] Label `Add to Release Notes` or `Not Release Notes content` set
- [x] Request reviewers if possible
- [x] Send backports/forwardports if fix needs to be applied to past/future releases
- [x] New public APIs have `@Nonnull/@Nullable` annotations
- [x] New public APIs have `@since` tags in Javadoc

Related to #23565
Forward port of #23935

Checklist:
- [x] Labels (`Team:`, `Type:`, `Source:`, `Module:`) and Milestone set
- [x] Label `Add to Release Notes` or `Not Release Notes content` set
- [x] Request reviewers if possible
- [x] Send backports/forwardports if fix needs to be applied to past/future releases
- [x] New public APIs have `@Nonnull/@Nullable` annotations
- [x] New public APIs have `@since` tags in Javadoc
Hi 👋 Sorry to ask, but is there any availability for when new releases will be available? Thanks!

Hi @abelsromero 👋 The latest version 5.2.3 has already been released with the patched dependency: #23935

Thanks @sumnerib, sadly we are in another branch and we can't just bump it. We use 5.0.x but I didn't want to make it about our use case only 😅 I hope we all get the different releases eventually.

Closing as the solution was merged into all branches
org.json:json:20220320
CVE-2022-45688
https://nvd.nist.gov/vuln/detail/CVE-2022-45688
The same problem is for `5.2`, `5.1` and `5.0` version.
GH issue from org.json
stleary/JSON-java#708