File jettison.changes of Package jettison
-------------------------------------------------------------------
Tue Apr 18 15:26:38 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 1.5.4
* Fixes:
+ Fixing issue 60: Infinite recursion triggered when
constructing a JSONArray from a Collection (bsc#1209605,
CVE-2023-1436)
-------------------------------------------------------------------
Wed Dec 14 12:11:51 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 1.5.3
* Fixes:
+ Backslash escaping. Throw syntax exception on invalid json
sooner
+ Adding another test for backslashes
+ Introducing new static methods to set the recursion depth
limit
+ Incorrect recursion depth check in JSONTokener
+ Fixing StackOverflow error (bsc#1206400, CVE-2022-45685,
bsc#1206401, CVE-2022-45693)
-------------------------------------------------------------------
Wed Oct 5 08:33:43 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 1.5.1
* Fixes:
+ Stack Overflow fix on malformed JSON
(bsc#1203515, CVE-2022-40149)
+ Prevent infinite loop when a /* comment is not terminated
(bsc#1203516, CVE-2022-40150)
- Removed patches:
* jettison-1.3.7-jdk10plus.patch
* jettison-update-woodstox-version.patch
+ not needed with current version
-------------------------------------------------------------------
Tue Mar 22 16:38:03 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Build with source and target levels 8
-------------------------------------------------------------------
Sun Nov 24 12:41:56 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Specify maven.compiler.release to fix build with jdk9+ and newer
maven-javadoc-plugin
-------------------------------------------------------------------
Tue Jun 4 07:34:35 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of jettison 1.3.7