jettison/jettison.changes

-------------------------------------------------------------------
Tue Sep  5 11:29:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Make manifest timestamp reproducible

-------------------------------------------------------------------
Tue Apr 18 15:26:38 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 1.5.4
  * Fixes:
    + Fixing issue 60: Infinite recursion triggered when
      constructing a JSONArray from a Collection (bsc#1209605,
      CVE-2023-1436)

-------------------------------------------------------------------
Wed Dec 14 12:11:51 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 1.5.3
  * Fixes:
    + Backslash escaping. Throw syntax exception on invalid json
      sooner
    + Adding another test for backslashes
    + Introducing new static methods to set the recursion depth
      limit
    + Incorrect recursion depth check in JSONTokener
    + Fixing StackOverflow error (bsc#1206400, CVE-2022-45685,
      bsc#1206401, CVE-2022-45693)

-------------------------------------------------------------------
Wed Oct  5 08:33:43 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 1.5.1
  * Fixes:
    + Stack Overflow fix on malformed JSON
      (bsc#1203515, CVE-2022-40149)
    + Prevent infinite loop when a /* comment is not terminated
      (bsc#1203516, CVE-2022-40150)
- Removed patches:
  * jettison-1.3.7-jdk10plus.patch
  * jettison-update-woodstox-version.patch
    + not needed with current version

-------------------------------------------------------------------
Tue Mar 22 16:38:03 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Build with source and target levels 8

-------------------------------------------------------------------
Sun Nov 24 12:41:56 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Specify maven.compiler.release to fix build with jdk9+ and newer
  maven-javadoc-plugin

-------------------------------------------------------------------
Tue Jun  4 07:34:35 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of jettison 1.3.7
OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=17 2023-09-05 11:29:40 +00:00			`-------------------------------------------------------------------`
			`Tue Sep 5 11:29:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>`

			`- Make manifest timestamp reproducible`

1.5.4 OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=15 2023-04-18 15:32:20 +00:00			`-------------------------------------------------------------------`
			`Tue Apr 18 15:26:38 UTC 2023 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to version 1.5.4`
			`* Fixes:`
			`+ Fixing issue 60: Infinite recursion triggered when`
			`constructing a JSONArray from a Collection (bsc#1209605,`
			`CVE-2023-1436)`

OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=11 2022-10-05 08:43:36 +00:00			`-------------------------------------------------------------------`
OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=13 2022-12-14 12:17:48 +00:00			`Wed Dec 14 12:11:51 UTC 2022 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to version 1.5.3`
			`* Fixes:`
			`+ Backslash escaping. Throw syntax exception on invalid json`
			`sooner`
			`+ Adding another test for backslashes`
			`+ Introducing new static methods to set the recursion depth`
			`limit`
			`+ Incorrect recursion depth check in JSONTokener`
			`+ Fixing StackOverflow error (bsc#1206400, CVE-2022-45685,`
			`bsc#1206401, CVE-2022-45693)`

			`-------------------------------------------------------------------`
OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=11 2022-10-05 08:43:36 +00:00			`Wed Oct 5 08:33:43 UTC 2022 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to version 1.5.1`
			`* Fixes:`
			`+ Stack Overflow fix on malformed JSON`
			`(bsc#1203515, CVE-2022-40149)`
			`+ Prevent infinite loop when a /* comment is not terminated`
			`(bsc#1203516, CVE-2022-40150)`
			`- Removed patches:`
			`* jettison-1.3.7-jdk10plus.patch`
			`* jettison-update-woodstox-version.patch`
			`+ not needed with current version`

OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=9 2022-03-22 16:38:21 +00:00			`-------------------------------------------------------------------`
			`Tue Mar 22 16:38:03 UTC 2022 - Fridrich Strba <fstrba@suse.com>`

			`- Build with source and target levels 8`

OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=7 2019-11-24 12:42:08 +00:00			`-------------------------------------------------------------------`
			`Sun Nov 24 12:41:56 UTC 2019 - Fridrich Strba <fstrba@suse.com>`

			`- Specify maven.compiler.release to fix build with jdk9+ and newer`
			`maven-javadoc-plugin`

OBS-URL: https://build.opensuse.org/package/show/Java:packages/jettison?expand=0&rev=2 2019-06-04 07:35:29 +00:00			`-------------------------------------------------------------------`
			`Tue Jun 4 07:34:35 UTC 2019 - Fridrich Strba <fstrba@suse.com>`

			`- Initial packaging of jettison 1.3.7`