Hazelcast 5.1.1 bundles outdated org.json:json:20201115 #21302

Closed
wfhartford opened this issue Apr 22, 2022 · 1 comment
Labels: Source: Community, Team: Integration, Type: Defect

@wfhartford

The latest versions of Hazelcast shade the org.json:json:20201115 library, which is outdated and has a known bug described at stleary/JSON-java#654

Could a future version of Hazelcast upgrade this dependency to the latest version? At the moment, the latest version is 20220320.
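
Added example, not part of the original issue or of Hazelcast's code: a shaded copy of org.json may not appear in a consuming project's dependency listing, so this check looks inside the jar for relocated `org/json` classes and for the Maven metadata that records the bundled version. The function names, the relocation prefix in the sample jar, and the presence of `META-INF/maven/org.json/json/pom.properties` in a shaded jar are assumptions; the sample jar is constructed in memory.

```python
import io
import zipfile

CLASS_SUFFIX = "org/json/JSONObject.class"
POM_PROPS = "META-INF/maven/org.json/json/pom.properties"  # assumed to survive shading
WANTED_MIN = "20220320"  # latest version named in the issue; org.json versions are dates


def find_bundled_org_json(jar_bytes):
    """Return (relocation prefixes holding org.json classes, bundled version or None)."""
    prefixes, version = set(), None
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name == CLASS_SUFFIX or name.endswith("/" + CLASS_SUFFIX):
                # Text before the suffix is the relocation prefix ("" = unshaded copy)
                prefixes.add(name[: -len(CLASS_SUFFIX)].rstrip("/").replace("/", "."))
            elif name == POM_PROPS:
                for line in jar.read(name).decode("utf-8", "replace").splitlines():
                    key, _, value = line.partition("=")
                    if key.strip() == "version":
                        version = value.strip()
    return sorted(prefixes), version


def is_outdated(version, minimum=WANTED_MIN):
    """Unknown or non-date versions count as outdated so they get a manual look."""
    if version is None or not version.isdigit():
        return True
    return int(version) < int(minimum)


def build_sample_jar(version, prefix="example/shaded/"):
    """Constructed sample jar; the relocation prefix is hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(prefix + CLASS_SUFFIX, b"\xca\xfe\xba\xbe")
        jar.writestr(prefix + "org/json/JSONArray.class", b"\xca\xfe\xba\xbe")
        if version:
            jar.writestr(POM_PROPS, f"groupId=org.json\nartifactId=json\nversion={version}\n")
    return buf.getvalue()


if __name__ == "__main__":
    prefixes, version = find_bundled_org_json(build_sample_jar("20201115"))
    print(prefixes, version, "outdated" if is_outdated(version) else "ok")
```

To check a real artifact, pass the jar file's bytes to `find_bundled_org_json`; a result with classes found but no version means the metadata was stripped and the copy needs manual identification.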

@AyberkSorgun added the Source: Community and Team: Integration labels Jun 14, 2022
@AyberkSorgun added this to the 5.2 Backlog milestone Jun 14, 2022
@TomaszGaweda
Contributor

Fixed by PR #21122

bonita-ci pushed a commit to bonitasoft/bonita-engine that referenced this issue Jul 20, 2022
bump hazelcast version to fix the CVE on json dependencies shaded by hazelcast.
more details hazelcast/hazelcast#21302
@AyberkSorgun modified the milestones: 5.2 Backlog, 5.2.0 Oct 12, 2022