Open nollymar opened 10 months ago
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
jsonpath is only used in one instance. Would have to investigate what's the alternative?
Suggestion is to make our own implementation or utilize the current dependencies that we already have to provide this service.
Parent Issue
No response
Problem Statement
Due to the vulnerability described here, we should remove the
com.jayway.jsonpath
library from the project and refactor this method https://github.com/dotCMS/core/blob/5df18c5f39e3150efc419eb034500dc1a2ac9f74/dotCMS/src/main/java/com/dotcms/content/elasticsearch/util/ESMappingUtilHelper.java#L468-L490 in a way that a JsonPath reference is not required.Steps to Reproduce
It is an internal code refactoring
Acceptance Criteria
com.jayway.jsonpath
is removed from the project.ESMappingUtilHelperTest
runs ok.dotCMS Version
master
Proposed Objective
Security & Privacy
Proposed Priority
Priority 2 - Important
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
No response
Quality Assurance Notes & Workarounds
No response
Sub-Tasks & Estimates
No response