Update org.json:json:20140107 dependency version to latest

Open teodorakostova opened this issue 3 years ago • 2 comments

com.unboundid.components uses an old version of org.json library - org.json:json:20140107

Latest version of org.json:

<dependency>
   <groupId>org.json</groupId>
   <artifactId>json</artifactId>
   <version>20220924</version>
</dependency>

After update of org.json library in my project I get the following exception:

java.lang.NoSuchMethodError: org.json.JSONWriter.<init>(Ljava/io/Writer;)V

	at com.unboundid.scim.marshal.json.JsonStreamMarshaller.<init>(JsonStreamMarshaller.java:86)
	at com.unboundid.scim.marshal.json.JsonMarshaller.marshal(JsonMarshaller.java:87)
	at com.unboundid.scim.sdk.SCIMException.marshal(SCIMException.java:93)

teodorakostova, Dec 02 '22 08:12

There is a CVE against org.json now: https://nvd.nist.gov/vuln/detail/CVE-2022-45688 and the fix is in recent release: https://github.com/stleary/JSON-java/releases/tag/20230227

narras-oss, Feb 27 '23 19:02

This issue still exists in this project because com.unboundid.components uses an old version of the org.json library - org.json:json:20140107. The root cause is https://github.com/pingidentity/scim/blob/d007f3f614bef6316e613c5bf8985b886f0ef748/scim-sdk/src/main/java/com/unboundid/scim/marshal/json/JsonStreamMarshaller.java#L86. JSONWriter has been updated to use Appender instead of the Writer class in the newer json library.

negne11, Mar 06 '23 17:03
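
The `NoSuchMethodError` in this thread is a binary-linkage failure: the SDK was compiled against a constructor with the exact descriptor `(Ljava/io/Writer;)V`, and the JVM will not substitute a constructor with any other parameter type. The probe below is an added example, not code from the issue or from the SCIM SDK; it reports which org.json jar is actually loaded and whether that constructor exists. The class name `JsonWriterLinkCheck` is hypothetical, and it assumes the org.json jar under test is on the classpath.

```java
import java.io.Writer;
import java.lang.reflect.Constructor;
import java.security.CodeSource;

/** Added example: probes the JSONWriter constructors exposed by the org.json jar on the classpath. */
public class JsonWriterLinkCheck {

    /** True if cls has a public one-argument constructor whose parameter is exactly paramType. */
    static boolean hasExactCtor(Class<?> cls, Class<?> paramType) {
        for (Constructor<?> c : cls.getConstructors()) {
            Class<?>[] p = c.getParameterTypes();
            if (p.length == 1 && p[0] == paramType) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Class<?> jsonWriter;
        try {
            jsonWriter = Class.forName("org.json.JSONWriter");
        } catch (ClassNotFoundException e) {
            System.err.println("org.json is not on the classpath");
            System.exit(2);
            return; // keeps the compiler's definite-assignment check satisfied
        }
        // Show which jar won when several org.json versions are on the classpath.
        CodeSource src = jsonWriter.getProtectionDomain().getCodeSource();
        System.out.println("loaded from: " + (src == null ? "unknown" : src.getLocation()));
        for (Constructor<?> c : jsonWriter.getConstructors()) {
            System.out.println("constructor: " + c);
        }
        // Linking is by exact descriptor: a constructor taking a supertype or
        // interface of Writer does not satisfy a call site compiled for Writer.
        if (hasExactCtor(jsonWriter, Writer.class)) {
            System.out.println("OK: JSONWriter(java.io.Writer) is present");
        } else {
            System.out.println("MISMATCH: JSONWriter(java.io.Writer) is missing; "
                + "callers compiled against it will throw NoSuchMethodError");
            System.exit(1);
        }
    }
}
```

Run it with the same classpath the application uses; a non-zero exit status makes it usable as a build or deployment gate before an org.json upgrade is rolled out.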