Backward compatibility of upgrading to latest release 20220320 from release 20140107. #676

Closed
dushaniw opened this issue Mar 25, 2022 · 3 comments


@dushaniw

dushaniw commented Mar 25, 2022

Hi,
We have been using the JSON-java library version 20140107 so far (since 2014). Recently we discovered a reported vulnerability, which is also mentioned in #654 (java.lang.StackOverflowError in org.json.JSONTokener.nextValue::JSONTokener.java:431 json-java). We noticed that this has been fixed in the recent release 20220320.

As we have been using 20140107 for so long, we want to know the following.

  1. Would upgrading to 20220320 introduce backward incompatibility issues for us? Is there a way to make sure upgrading is backward compatible?
  2. We tried to find the code base of JSON-Java release 20140107 in the same git repo, but we couldn't. Where can we find the code base for the 20140107 release tag?

@stleary We would appreciate it if we could get a response to this as soon as possible.

@dushaniw changed the title from "Backward compatibility of latest release with release 20140107." to "Backward compatibility of latest release comparing to release 20140107." Mar 25, 2022
@dushaniw changed the title from "Backward compatibility of latest release comparing to release 20140107." to "Backward compatibility of upgrading to latest release from release 20140107." Mar 25, 2022
@dushaniw changed the title from "Backward compatibility of upgrading to latest release from release 20140107." to "Backward compatibility of upgrading to latest release 20220320 from release 20140107." Mar 25, 2022
@stleary
Owner

stleary commented Mar 25, 2022

@dushaniw Maintaining backward compatibility has been a priority since 2015, and before I got here, Douglas did not allow very many changes, either. I cannot guarantee there are no breaking changes, but let me know if you run into any issues and I will see if they can be mitigated. The 20140107 release predates my arrival; I am not sure how you could go about recovering the source other than decompiling the jar file.

@johnjaylward
Contributor

From the repo, the best I could give you for that release is the approximate commit:
4d86b05

That commit is from Nov 2013, and there are no commits after that until April 2014. Seems very likely that all code in that commit is part of the 20140107 release.

https://github.com/stleary/JSON-java/commits/master?before=6f92a3ab4e425123c4b1ac2b8b65a7d9fb1d9bcb+886&branch=master

@dushaniw
Author

Thank you @stleary and @johnjaylward.

@dushaniw dushaniw closed this as completed Apr 6, 2022