Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade json-smart to avoid security issue #1860

Closed
fbiville opened this issue Apr 21, 2021 · 0 comments
Closed

Upgrade json-smart to avoid security issue #1860

fbiville opened this issue Apr 21, 2021 · 0 comments
Assignees
@conker84

Comments

@fbiville
Copy link
Contributor

fbiville commented Apr 21, 2021
edited
Loading

net.minidev:json-smart:2.3 is currently transitively used by APOC (4.2 and 4.3, core and full) via com.jayway.jsonpath:json-path:2.4.0.

This version of json-smart (up until 2.4 actually) is currently insecure, as detailed by CVE-2021-27568.

The latest json-path (2.5.0 at the time of writing) still references json-smart 2.3.
Before the next json-path release happens (see requests here and there), could we try to enforce the 2.4.1 (which fixes the issue) or 2.4.5 version of json-smart directly in APOC 4.2 and 4.3 and release them if the build succeeds?
conker84 added a commit to conker84/neo4j-apoc-procedures that referenced this issue Apr 22, 2021
@conker84
fixes neo4j-contrib#1860: Upgrade json-smart to avoid security issue
d25347e
@conker84 conker84 mentioned this issue Apr 22, 2021
Merged
conker84 added a commit to conker84/neo4j-apoc-procedures that referenced this issue Apr 22, 2021
@conker84
fixes neo4j-contrib#1860: Upgrade json-smart to avoid security issue
46d2500
conker84 added a commit to conker84/neo4j-apoc-procedures that referenced this issue Apr 22, 2021
@conker84
fixes neo4j-contrib#1860: Upgrade json-smart to avoid security issue
22506d7
conker84 added a commit to conker84/neo4j-apoc-procedures that referenced this issue Apr 22, 2021
@conker84
fixes neo4j-contrib#1860: Upgrade json-smart to avoid security issue
fb10caa
conker84 added a commit that referenced this issue Apr 22, 2021
@conker84
fixes #1860: Upgrade json-smart to avoid security issue (#1862)
c8382de
conker84 added a commit that referenced this issue Apr 22, 2021
@conker84
fixes #1860: Upgrade json-smart to avoid security issue (#1862)
a34c145
conker84 added a commit to conker84/neo4j-apoc-procedures that referenced this issue Apr 22, 2021
@conker84
fixes neo4j-contrib#1860: Upgrade json-smart to avoid security issue
b796cd0
conker84 added a commit that referenced this issue Apr 22, 2021
@conker84
fixes #1860: Upgrade json-smart to avoid security issue (#1863)
bc69c2b
@ncordon ncordon mentioned this issue May 12, 2022
Merged
@ncordon ncordon mentioned this issue Jun 13, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@conker84 conker84

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fbiville @conker84