[jira] [Updated] (SLING-12304) Broken backwards compatibility: out of order json object

Robert Munteanu (Jira) Wed, 24 Apr 2024 23:15:15 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-12304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Munteanu updated SLING-12304:
------------------------------------
    Fix Version/s: Commons JSON 2.0.28

> Broken backwards compatibility: out of order json object
> --------------------------------------------------------
>
>                 Key: SLING-12304
>                 URL: https://issues.apache.org/jira/browse/SLING-12304
>             Project: Sling
>          Issue Type: Bug
>    Affects Versions: Commons JSON 2.0.26
>            Reporter: Remo Liechti
>            Priority: Critical
>             Fix For: Commons JSON 2.0.28
>
>
> The fix of CVE-2022-47937 introduced an invalid backwards compatibility for 
> the order in jsonobject.
> New behaviour: has the keys unordered, as JsonObject uses a HashMap.
> Old behaviour: Kept insertion order of keys as JsonObject used LinkedHashMap.
> To no break existing users of the library, reestablish the old behaviour.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (SLING-12304) Broken backwards compatibility: out of order json object

Reply via email to