Skip to content

Fix s360 vulnerability for json dependency on v0.21

Christophe Mongin requested to merge cmongin/fix-vuln-0.21.1 into release/0.21

All Submissions:


What is the issue or story related to the change?


"risk": HIGH, "vuln_id": 995571, "vuln_name": Java (Maven) Security Update for org.json:json (GHSA-rm7j-f5g5-27vv), "cve": [CVE-2023-5072,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072],

"VulnerabilityId": 995935, "VulnerabilityName": Java (Maven) Security Update for org.json:json (GHSA-4jq9-2xhw-jpx7), "CVEs": [CVE-2023-5072,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072]

Change details:

Test coverage:


Does this introduce a breaking change?


  • [YES/NO]

Pending items


Reviewer request


  • Please provide an ETA when you plan to review this MR. Write a comment to decline or provide an ETA.
  • Block the MR if you feel there is less testing or no details in the MR
  • Please cover the following aspects in the MR -- Coding design: <Reviewer1> -- Backward Compatibility: <Reviewer2> -- Feature Logic: <Logic design> -- <Any other context mention here> OR -- <Component 1>: <Reviewer1> -- <CosmosDB>: <Reviewer2> -- <ServiceBus> <Reviewer3> -- <Mention any other component and owner>

Other information


Edited by Christophe Mongin

Merge request reports