forked from pool/jettison
58 lines
2.0 KiB
Plaintext
58 lines
2.0 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Sep 5 11:29:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Make manifest timestamp reproducible
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 18 15:26:38 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 1.5.4
|
|
* Fixes:
|
|
+ Fixing issue 60: Infinite recursion triggered when
|
|
constructing a JSONArray from a Collection (bsc#1209605,
|
|
CVE-2023-1436)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 14 12:11:51 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 1.5.3
|
|
* Fixes:
|
|
+ Backslash escaping. Throw syntax exception on invalid json
|
|
sooner
|
|
+ Adding another test for backslashes
|
|
+ Introducing new static methods to set the recursion depth
|
|
limit
|
|
+ Incorrect recursion depth check in JSONTokener
|
|
+ Fixing StackOverflow error (bsc#1206400, CVE-2022-45685,
|
|
bsc#1206401, CVE-2022-45693)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 5 08:33:43 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 1.5.1
|
|
* Fixes:
|
|
+ Stack Overflow fix on malformed JSON
|
|
(bsc#1203515, CVE-2022-40149)
|
|
+ Prevent infinite loop when a /* comment is not terminated
|
|
(bsc#1203516, CVE-2022-40150)
|
|
- Removed patches:
|
|
* jettison-1.3.7-jdk10plus.patch
|
|
* jettison-update-woodstox-version.patch
|
|
+ not needed with current version
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 22 16:38:03 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Build with source and target levels 8
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 24 12:41:56 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Specify maven.compiler.release to fix build with jdk9+ and newer
|
|
maven-javadoc-plugin
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 4 07:34:35 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Initial packaging of jettison 1.3.7
|