You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
We have been using JSON-java library version 20140107 so far (since 2014). Recently we discovered a vulnerability reported which is also mentioned in #654 (java.lang.StackOverflowError in org.json.JSONTokener.nextValue::JSONTokener.java:431 json-java). We noticed that this has been fixed in recent release 20220320.
As we have been using the 20140107 for so long, we want to know the following.
Would upgrading to 20220320 will introduce us with backward incompatibility issues? Is there a way to make sure upgrading is backward compatible?
We tried to find the code base of JSON-Java release 20140107 in the same git repo, but we couldnt. Where can we find the code base for 20140107 release tag?
@stleary Appreciate if we can get response for this as soon as possible.
The text was updated successfully, but these errors were encountered:
dushaniw
changed the title
Backward compatibility of latest release with release 20140107.
Backward compatibility of latest release comparing to release 20140107.
Mar 25, 2022
dushaniw
changed the title
Backward compatibility of latest release comparing to release 20140107.
Backward compatibility of upgrading to latest release from release 20140107.
Mar 25, 2022
dushaniw
changed the title
Backward compatibility of upgrading to latest release from release 20140107.
Backward compatibility of upgrading to latest release 20220320 from release 20140107.
Mar 25, 2022
@dushaniw Maintaining backward compatibility has been a priority since 2015, and before I got here, Douglas did not allow very many changes, either. I cannot guarantee there are no breaking changes, but let me know if you run into any issues and I will see if they can be mitigated. The 20140107 release predates my arrival, I am not sure how you could go about recovering the source other than decompiling the jar file.
From the repo, the best I could give you for that release is the approximate commit: 4d86b05
That commit is from Nov 2013, and there are no commits after that until April 2014. Seems very likely that all code in that commit is part of the 20140107 release.
Hi,
We have been using JSON-java library version 20140107 so far (since 2014). Recently we discovered a vulnerability reported which is also mentioned in #654 (java.lang.StackOverflowError in org.json.JSONTokener.nextValue::JSONTokener.java:431 json-java). We noticed that this has been fixed in recent release 20220320.
As we have been using the 20140107 for so long, we want to know the following.
@stleary Appreciate if we can get response for this as soon as possible.
The text was updated successfully, but these errors were encountered: