jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [jmeter] sseide opened a new pull request #656: update json-smart to 2.4.1 and accessors-smart to 1.3
Date Wed, 07 Apr 2021 12:46:36 GMT

sseide opened a new pull request #656:
URL: https://github.com/apache/jmeter/pull/656


   ## Description
   
   This PR updates the used net.minidev:json-smart library to version 1.3 to fix a security
warning. The accessors-smart lib is updated too as it belongs to json-smart and is released
together
   
   Issue discussing the update is here: https://github.com/netplex/json-smart-v2/issues/62
   
   Due to the long time since last release the gpg key has changed from the maintainer and
`checksum.xml` was updated too.
   
   ## Motivation and Context
   
   fix security warning with CVE-2021-27568 affecting everything up to json-smart 2.4. At
least NIST/MITRE assign it a HIGH criticallity by now.
   
   ## How Has This Been Tested?
   
   run `gradlew check` and use it for some days on our own setup.
   
   ## Screenshots (if appropriate):
   
   ## Types of changes
   <!--- What types of changes does your code introduce? Delete as appropriate -->
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   <!--- Go over all the following points, and put an `x` in all the boxes that apply.
-->
   <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help!
-->
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message