Skip to content
This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

91: Stack overflow error caused by jakarta.json parsing of untrusted JSON String #87

Merged
merged 1 commit into from
Nov 7, 2024
Merged

91: Stack overflow error caused by jakarta.json parsing of untrusted JSON String #87

merged 1 commit into from
Nov 7, 2024

Conversation

jbescos
Copy link
Contributor

@jbescos jbescos commented Oct 28, 2024

@keilw
Copy link
Member

keilw commented Oct 29, 2024

Thanks @jbescos, but I don't see, this project still would do any more releases.

This project is now part of the EE4J initiative. This repository has been archived as all activities are now happening in the corresponding Eclipse repository. See here for the overall EE4J transition status.

@jbescos
Copy link
Contributor Author

jbescos commented Oct 29, 2024

Thanks @jbescos, but I don't see, this project still would do any more releases.

This project is now part of the EE4J initiative. This repository has been archived as all activities are now happening in the corresponding Eclipse repository. See here for the overall EE4J transition status.

Exceptionally, we reopen these archived projects and we make a new release. We didn't do it so far in jsonp, but I think it will be possible.

For the time being, could you please review it and approve/merge if the fix suits you?.

We need to apply this fix also in version 1.0.4, but there is no branch for it. Are you able to create a new branch from tag jsonp-1.0.4 ?. I will create a new PR to that branch.

@keilw
Copy link
Member

keilw commented Oct 29, 2024

Technically I could, but who needs that kind of fork after all these years?
Do you have a requirement/vendor that must use the old version instead of Jakarta EE 8 or higher?

@jbescos
Copy link
Contributor Author

jbescos commented Oct 29, 2024

Technically I could, but who needs that kind of fork after all these years? Do you have a requirement/vendor that must use the old version instead of Jakarta EE 8 or higher?

This is for Weblogic 12c and 14g.

@jbescos
Copy link
Contributor Author

jbescos commented Nov 4, 2024
edited
Loading

@keilw could you merge this, please?. I want to have it here, in case in the future there is another security issue, this fix will be also included.

Note that @edbratt opened this repo for this.

@keilw
Copy link
Member

keilw commented Nov 4, 2024

@edbratt Can you confirm this need by Weblogic?
Most other spec repositories here are archived, so I want to be sure, there is a real business case for it.

I was told so especially working in the WebLogic support team some years ago ;-)

@edbratt
Copy link
Member

edbratt commented Nov 5, 2024

Yes, this is required

@jbescos
Copy link
Contributor Author

jbescos commented Nov 6, 2024

@keilw would you be able to create the branch as I said here, please?:
#87 (comment)

@keilw
Copy link
Member

keilw commented Nov 6, 2024
edited
Loading

@jbescos I'm afraid, maybe because it was archived before, or for another reason I do not have write access to this repository anymore.

This branch has no conflicts with the base branch
Only those with write access to this repository can merge pull requests.

@edbratt Are you an admin, maybe you can help grant me write access again, otherwise @m0mus could help?

@m0mus m0mus merged commit 4ee2ede into javaee:master Nov 7, 2024
@jbescos jbescos mentioned this pull request Nov 7, 2024
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jbescos @keilw @edbratt @m0mus