dotCMS / core

Headless/Hybrid Content Management System for Enterprises
http://dotcms.com

Security Vulnerability: Remove com.jayway.jsonpath dependency #25961

Open nollymar opened 10 months ago

nollymar commented 10 months ago

Parent Issue

No response

Problem Statement

Due to the vulnerability described here, we should remove the com.jayway.jsonpath library from the project and refactor this method https://github.com/dotCMS/core/blob/5df18c5f39e3150efc419eb034500dc1a2ac9f74/dotCMS/src/main/java/com/dotcms/content/elasticsearch/util/ESMappingUtilHelper.java#L468-L490 in a way that a JsonPath reference is not required.

Steps to Reproduce

It is an internal code refactoring

Acceptance Criteria

dotCMS Version

master

Proposed Objective

Security & Privacy

Proposed Priority

Priority 2 - Important

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

No response

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response

github-actions[bot] commented 7 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

mbiuki commented 3 weeks ago

jsonpath is only used in one instance. Would have to investigate what the alternative is.

mbiuki commented 4 days ago

The suggestion is to make our own implementation or to utilize the current dependencies we already have to provide this service.
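One way to carry out that suggestion, as an added example that is not dotCMS code and not part of this thread: the class below assumes (an assumption, since the issue does not show the body of the method in ESMappingUtilHelper) that the single jayway call site reads a fixed, dot-separated path such as `$.properties.title.type` out of an Elasticsearch mapping document. That subset can be resolved with Jackson's `JsonNode`, which is assumed here to already be on the dotCMS classpath, so the full JsonPath engine and its expression parser can be dropped. The class name `SimpleJsonPath`, the method `read` and the sample mapping are hypothetical.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical drop-in for a jayway JsonPath lookup, built on Jackson only.
 * Supports the subset "$.key.key[0].key": dot-separated object keys with
 * optional numeric array indexes. Wildcards, filters, quoted keys and
 * recursive descent are deliberately unsupported and fail closed
 * (Optional.empty()), so no expression is ever parsed or evaluated.
 */
public final class SimpleJsonPath {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    // One segment: a key, optionally followed by one or more "[n]" indexes, e.g. "tags[1]".
    private static final Pattern SEGMENT = Pattern.compile("^([^\\[\\]]+)((?:\\[\\d+\\])*)$");
    private static final Pattern INDEX = Pattern.compile("\\[(\\d+)\\]");

    private SimpleJsonPath() {}

    /** Parse the document and resolve the path; empty if parsing yields nothing or the path is absent. */
    public static Optional<JsonNode> read(final String json, final String path) throws IOException {
        return read(MAPPER.readTree(json), path);
    }

    /** Resolve a "$.a.b[0].c"-style path against an already parsed tree. */
    public static Optional<JsonNode> read(final JsonNode root, final String path) {
        if (root == null || path == null) {
            return Optional.empty();
        }
        String p = path.trim();
        if (p.startsWith("$")) {
            p = p.substring(1);
        }
        if (p.startsWith(".")) {
            p = p.substring(1);
        }
        if (p.isEmpty()) {
            return Optional.of(root);
        }

        JsonNode current = root;
        // -1 keeps trailing empty segments, so "a.b." is rejected instead of silently truncated.
        for (final String segment : p.split("\\.", -1)) {
            final Matcher m = SEGMENT.matcher(segment);
            if (!m.matches()) {
                return Optional.empty(); // unsupported syntax: fail closed rather than guess
            }
            // JsonNode.get(String) returns null when the key is missing or the node is not an object.
            current = current.get(m.group(1));
            if (current == null) {
                return Optional.empty();
            }
            final Matcher idx = INDEX.matcher(m.group(2));
            while (idx.find()) {
                // JsonNode.get(int) returns null when the node is not an array or the index is out of range.
                current = current.get(Integer.parseInt(idx.group(1)));
                if (current == null) {
                    return Optional.empty();
                }
            }
        }
        return Optional.of(current);
    }

    public static void main(final String[] args) throws IOException {
        // Constructed sample: an ES-style mapping fragment, not dotCMS's real mapping.
        final String mapping =
                "{\"properties\":{\"title\":{\"type\":\"text\"},"
              + "\"tags\":[{\"name\":\"a\"},{\"name\":\"b\"}]}}";

        System.out.println(read(mapping, "$.properties.title.type").map(JsonNode::asText).orElse("<missing>"));
        System.out.println(read(mapping, "$.properties.tags[1].name").map(JsonNode::asText).orElse("<missing>"));
        System.out.println(read(mapping, "$.properties.missing.type").isPresent());
        System.out.println(read(mapping, "$..type").isPresent()); // recursive descent is rejected, not evaluated

        // When the path is a fixed string, Jackson's built-in JSON Pointer (RFC 6901) needs no helper at all.
        final JsonNode tree = MAPPER.readTree(mapping);
        System.out.println(tree.at("/properties/tags/0/name").asText());
    }
}
```

The helper only exists to keep existing `$.a.b[0]`-style call sites readable; if the refactored method needs just one or two fixed paths, `JsonNode.at("/properties/title/type")` is the smaller change and leaves nothing for a caller to pass in as an expression. Either way, the check to make after the dependency is removed is `mvn dependency:tree | grep -i jsonpath` (or the Gradle equivalent) to confirm no transitive copy of `com.jayway.jsonpath` remains on the runtime classpath.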