pingidentity / scim

SCIM 1.1 SDK for Java

Update org.json:json:20140107 dependency version to latest #31

Open teodorakostova opened 1 year ago

teodorakostova commented 1 year ago

com.unboundid.components uses an old version of org.json library - org.json:json:20140107

Latest version of org.json:

<dependency>
   <groupId>org.json</groupId>
   <artifactId>json</artifactId>
   <version>20220924</version>
</dependency>

After update of org.json library in my project I get the following exception:

java.lang.NoSuchMethodError: org.json.JSONWriter.<init>(Ljava/io/Writer;)V

    at com.unboundid.scim.marshal.json.JsonStreamMarshaller.<init>(JsonStreamMarshaller.java:86)
    at com.unboundid.scim.marshal.json.JsonMarshaller.marshal(JsonMarshaller.java:87)
    at com.unboundid.scim.sdk.SCIMException.marshal(SCIMException.java:93)

narras-oss commented 1 year ago

There is a CVE against org.json now: https://nvd.nist.gov/vuln/detail/CVE-2022-45688 and the fix is in recent release: https://github.com/stleary/JSON-java/releases/tag/20230227

negne11 commented 1 year ago

This issue still exists in this project because com.unboundid.components uses an old version of org.json library - org.json:json:20140107. The root cause is https://github.com/pingidentity/scim/blob/d007f3f614bef6316e613c5bf8985b886f0ef748/scim-sdk/src/main/java/com/unboundid/scim/marshal/json/JsonStreamMarshaller.java#L86. JSONWriter has been updated to use Appender instead of Writer class in the newer json library.
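
Added example (not part of the thread and not code from the SCIM SDK project): a check that walks `mvn dependency:tree` output and reports every org.json:json node older than the 20230227 release linked above, together with the dependency path that pulls it in. The sample tree and the SDK coordinate in it are constructed placeholders.

```python
import re

# Release the thread links as carrying the CVE-2022-45688 fix; org.json versions are
# YYYYMMDD date stamps, so they compare as integers.
FIXED = 20230227
NODE = re.compile(r"^(?:\[INFO\] )?(?P<indent>[ |+\\-]*)(?P<coord>[^\s:]+(?::[^\s:]+)+)")

def parse_tree(text):
    """Yield (depth, group, artifact, version) per node of `mvn dependency:tree` output."""
    for raw in text.splitlines():
        m = NODE.match(raw)
        if not m:
            continue
        parts = m.group("coord").split(":")
        if len(parts) < 4:          # plugin banner and other non-node lines
            continue
        depth = len(m.group("indent")) // 3   # each tree level is three characters wide
        # root is g:a:type:version; dependencies are g:a:type[:classifier]:version:scope
        version = parts[3] if depth == 0 else parts[-2]
        yield depth, parts[0], parts[1], version

def find_old_org_json(text, fixed=FIXED):
    """Return (version, dependency path) for each org.json:json node older than `fixed`."""
    stack, hits = [], []
    for depth, group, artifact, version in parse_tree(text):
        del stack[depth:]           # drop siblings and deeper nodes from the current path
        stack.append(f"{group}:{artifact}:{version}")
        if (group, artifact) == ("org.json", "json") and version.isdigit() and int(version) < fixed:
            hits.append((version, " -> ".join(stack)))
    return hits

# Constructed sample output; the SDK coordinate is a placeholder, not the real artifact.
SAMPLE = r"""
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ demo-app ---
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- com.example:placeholder-scim-sdk:jar:0.0.0:compile
[INFO] |  +- org.json:json:jar:20140107:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] \- junit:junit:jar:4.13.2:test
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    for version, path in find_old_org_json(SAMPLE):
        print(f"org.json {version} predates {FIXED}: {path}")
```

Per the thread, replacing org.json with a newer release under this SDK fails with the NoSuchMethodError shown above, so a hit on a path through the SDK is not cleared by a version pin alone.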