This issue has been created
There are 5 updates.
 
 
XWiki Platform / cid:jira-generated-image-avatar-092cc54d-83c1-47e5-911b-8a2ceda83c0c XWIKI-23397 Closed

Drop the json-lib dependency and ban old commons-lang
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-3b230d49-ea41-4387-93fc-ae29f407e657 Marius Dumitru Florea created this issue on 21/Jul/25 17:21
 
Summary: Drop the json-lib dependency and ban old commons-lang
Issue Type: cid:jira-generated-image-avatar-092cc54d-83c1-47e5-911b-8a2ceda83c0c Task
Affects Versions: 17.5.0
Assignee: Unassigned
Components: Velocity
Created: 21/Jul/25 17:21
Priority: cid:jira-generated-image-static-major-59bda9e6-7b79-445d-8a53-70743cb44b38 Major
Reporter: Marius Dumitru Florea
Description:

json-lib is not maintained for a very long time, and it requires commons-lang (2.x) which has known security vulnerabilities. We need to drop json-lib even if this means partially breaking backwards compatibility for $jsontool.parse(). The tradeoff is to keep the $jsontool.parse() method but change its return type to Object, which should preserve backwards compatibility with most Velocity scripts, if they don't assume the return type is net.sf.json.JSON.
 
 

5 updates

 
cid:jira-generated-image-avatar-3b230d49-ea41-4387-93fc-ae29f407e657 Changes by Marius Dumitru Florea on 21/Jul/25 17:22
 
Fix Version: 17.6.0-rc-1
Assignee: Marius Dumitru Florea
Resolution: Fixed
Tests: Unit
Status: Open Closed
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.