Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.2.0][Dependency Upgrade] json-smart version upgrade #1297

Closed
msm1992 opened this issue Jan 23, 2023 · 1 comment
Closed

[4.2.0][Dependency Upgrade] json-smart version upgrade #1297

msm1992 opened this issue Jan 23, 2023 · 1 comment
Assignees
@msm1992
Labels
4.2.0-beta Component/APIM Priority/Normal Type/Task
Milestone
4.2.0-Beta

Comments

@msm1992
Copy link

msm1992 commented Jan 23, 2023

Description

This issue is created to track json-smart version upgrade in APIM 4.2.0.

Json-smart version used in APIM 4.2.0 plugins is 2.4.7 which is not affected by known vulnerabilities. However the json-smart version 2.3 is used in jsonpath 2.4.0.wso2v1 and it is affected by a known CVE. Hence the fix for this it to upgrade the jsonpath version in APIM 4.2.0 to 2.6.0.wso2v1. [1]

[1]. https://github.com/wso2/orbit/blob/master/jsonpath/2.6.0.wso2v1/pom.xml

Affected Component

APIM

Version

4.2.0

Related Issues

No response

Suggested Labels

No response
@msm1992 msm1992 self-assigned this Jan 23, 2023
@msm1992 msm1992 mentioned this issue Jan 29, 2023
Closed
@msm1992 msm1992 added this to the 4.2.0-Beta milestone Jan 29, 2023
This was referenced Jan 30, 2023
Merged
Merged
@msm1992
Copy link
Author

msm1992 commented Feb 2, 2023

Will be fixed with below PRs.

[1]. wso2/carbon-analytics-common#822
[2]. wso2/carbon-apimgt#11820
[3]. wso2/product-apim#13111

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msm1992 msm1992

Labels
4.2.0-beta Component/APIM Priority/Normal Type/Task
Projects
None yet
Milestone
4.2.0-Beta
Development

No branches or pull requests
2 participants
@npamudika @msm1992