Releases: netplex/json-smart-v2

2.5.2

12 Feb 05:55

About CVE-2024-57699

Thanks to @ccudennec-otto. Some remarks on the CVE (more discussion in #236):

  • as mentioned here it is quite unlikely that the vulnerability is exploited if you come here because of Spring Security / com.nimbusds:oauth2-oidc-sdk
  • the code changes for the upcoming release will "only" fix the default modes provided by JSONParser, e.g. MODE_RFC4627
  • if you create the JSONParser manually / with custom options, make sure you set option LIMIT_JSON_DEPTH
    • since that's what "connect2id" is doing in their library, they were responsible for fixing it. They've already provided a new 11.x release that fixes the JSONParser setup on their side, i.e. you need their fixed version rather than version 2.5.2 of json-smart
    • as stated here, they would also need to backport the fix to the versions that Spring Security needs IMHO
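
The custom-options case from the remarks above, as an added example (not code from json-smart or connect2id): a parser built from hand-picked flags has no depth limit unless LIMIT_JSON_DEPTH is OR-ed in. The class name DepthLimitCheck, its helper methods and the chosen flag combination are assumptions for illustration; the nested input is constructed, and json-smart 2.5.x is assumed to be on the classpath.

```java
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;

public class DepthLimitCheck {

    // Audit helper (hypothetical): does this option set include the depth limit?
    static boolean hasDepthLimit(int flags) {
        return (flags & JSONParser.LIMIT_JSON_DEPTH) != 0;
    }

    // Constructed sample input: `depth` nested, otherwise empty arrays.
    static String nested(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    // True when the parser refuses the document with a ParseException.
    static boolean rejects(JSONParser parser, String json) {
        try {
            parser.parse(json);
            return false;
        } catch (ParseException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Custom option set without the depth limit: nesting is unbounded.
        int unguarded = JSONParser.ACCEPT_SIMPLE_QUOTE | JSONParser.ACCEPT_TAILLING_SPACE;
        // Same options with the depth limit, as the remarks above recommend.
        int guarded = unguarded | JSONParser.LIMIT_JSON_DEPTH;

        // 500 levels: above the limit of 400 added in 2.4.9, small enough
        // to parse safely when no limit is enforced.
        String doc = nested(500);

        System.out.println("unguarded: limit set=" + hasDepthLimit(unguarded)
                + ", rejects=" + rejects(new JSONParser(unguarded), doc));
        System.out.println("guarded:   limit set=" + hasDepthLimit(guarded)
                + ", rejects=" + rejects(new JSONParser(guarded), doc));
    }
}
```

The same hasDepthLimit check can be applied to any flag constant passed to a JSONParser constructor in your own code base or in a wrapper library.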

What's Changed

  • fix CVE-2024-57699 for predefined parsers by @ccudennec-otto in #233
  • update maintainer github id and email by @hezhangjian in #234
  • Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 in /json-smart-action by @dependabot in #189
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 in /json-smart-action by @dependabot in #190
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 in /json-smart-action by @dependabot in #191
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 in /json-smart by @dependabot in #194
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 in /json-smart by @dependabot in #193
  • Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 in /json-smart by @dependabot in #192
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 in /json-smart by @dependabot in #188
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 in /json-smart-action by @dependabot in #185
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 in /json-smart-action by @dependabot in #196
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 in /json-smart by @dependabot in #197
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 in /json-smart-action by @dependabot in #198
  • Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 in /json-smart-action by @dependabot in #200
  • Bump junit.version from 5.10.2 to 5.10.3 in /json-smart-action by @dependabot in #199
  • Bump junit.version from 5.10.2 to 5.10.3 in /json-smart by @dependabot in #201
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 in /json-smart by @dependabot in #203
  • Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 in /json-smart by @dependabot in #202
  • Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 in /json-smart by @dependabot in #205
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 in /json-smart by @dependabot in #206
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 in /json-smart-action by @dependabot in #207
  • Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 in /json-smart-action by @dependabot in #208
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.0 in /json-smart by @dependabot in #214
  • Bump junit.version from 5.10.3 to 5.11.0 in /json-smart by @dependabot in #213
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.5 in /json-smart by @dependabot in #212
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.0 in /json-smart-action by @dependabot in #211
  • Bump junit.version from 5.10.3 to 5.11.0 in /json-smart-action by @dependabot in #210
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.5 in /json-smart-action by @dependabot in #209
  • Bump junit.version from 5.11.0 to 5.11.1 in /json-smart-action by @dependabot in #219
  • Bump junit.version from 5.11.0 to 5.11.1 in /json-smart by @dependabot in #216
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.5 to 3.2.7 in /json-smart-action by @dependabot in #218
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.5 to 3.2.7 in /json-smart by @dependabot in #217
  • update version and dates. by @UrielCh in #220
  • Bump junit.version from 5.11.2 to 5.11.3 in /json-smart by @dependabot in #222
  • Bump junit.version from 5.11.2 to 5.11.3 in /json-smart-action by @dependabot in #221
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.1 in /json-smart by @dependabot in #226
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.1 in /json-smart-action by @dependabot in #224
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2 in /json-smart-action by @dependabot in #231
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2 in /json-smart by @dependabot in #229
  • Bump junit.version from 5.11.3 to 5.11.4 in /json-smart-action by @dependabot in #230
  • Bump junit.version from 5.11.3 to 5.11.4 in /json-smart by @dependabot in #228

Full Changelog: 2.5.1...2.5.2

V 2.5.1

21 Mar 05:17
8346cf4

What's Changed

  • Bump junit.version from 5.9.3 to 5.10.0 in /json-smart by @dependabot in #158
  • Bump junit.version from 5.9.3 to 5.10.0 in /json-smart-action by @dependabot in #157
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.2 in /json-smart by @dependabot in #166
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.2 in /json-smart-action by @dependabot in #165
  • Bump junit.version from 5.10.0 to 5.10.1 in /json-smart-action by @dependabot in #164
  • Bump junit.version from 5.10.0 to 5.10.1 in /json-smart by @dependabot in #163
  • chore: Update github id from Shoothzj to shoothzj by @shoothzj in #168
  • Bump asm version from 9.3 to 9.6 by @shoothzj in #167
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 in /json-smart-action by @dependabot in #169
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 in /json-smart by @dependabot in #170
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.0 in /json-smart by @dependabot in #172
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.0 in /json-smart-action by @dependabot in #171
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.0 to 3.12.1 in /json-smart by @dependabot in #174
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.0 to 3.12.1 in /json-smart-action by @dependabot in #173
  • Fix OSGi import package version for net.minidev.asm. by @msqr in #180
  • Bump junit.version from 5.10.1 to 5.10.2 in /json-smart-action by @dependabot in #179
  • Bump junit.version from 5.10.1 to 5.10.2 in /json-smart by @dependabot in #178
  • Bump version from 2.5.0 to 2.5.1 by @shoothzj in #181
  • docs: add change log for version 2.5.1 by @shoothzj in #182
  • Update 2024 by @UrielCh in #183
  • add somme doc to remove deployement warnings by @UrielCh in #184

New Contributors

  • @msqr made their first contribution in #180

Full Changelog: 2.5.0...2.5.1

V 2.5.0

09 Jul 16:41
54eb6f0

What's Changed

  • Bump maven-bundle-plugin from 5.1.8 to 5.1.9 in /json-smart-action by @dependabot in #148
  • Bump maven-bundle-plugin from 5.1.8 to 5.1.9 in /json-smart by @dependabot in #149
  • Bump maven-source-plugin from 3.2.1 to 3.3.0 in /json-smart by @dependabot in #151
  • Bump maven-source-plugin from 3.2.1 to 3.3.0 in /json-smart-action by @dependabot in #150
  • Bump maven-release-plugin from 3.0.0 to 3.0.1 in /json-smart-action by @dependabot in #152
  • Bump maven-release-plugin from 3.0.0 to 3.0.1 in /json-smart by @dependabot in #153
  • add flag to drop the limit of json depth by @Shoothzj in #156

Full Changelog: 2.4.11...2.5.0

V 2.4.11

18 May 04:29

V 2.4.11 (2023-05-18)

  • Fix error in isWritable in accessor-smart. PR 147
  • Update json-smart dependency to use accessor-smart:2.4.11

What's Changed

  • Bump maven-release-plugin from 3.0.0-M7 to 3.0.0 in /json-smart-action by @dependabot in #135
  • Bump maven-release-plugin from 3.0.0-M7 to 3.0.0 in /json-smart by @dependabot in #136
  • Bump maven-resources-plugin from 3.3.0 to 3.3.1 in /json-smart by @dependabot in #138
  • Bump maven-resources-plugin from 3.3.0 to 3.3.1 in /json-smart-action by @dependabot in #139
  • Fix the grammar in the Readme by @wirelessben in #140
  • Bump junit.version from 5.9.2 to 5.9.3 in /json-smart-action by @dependabot in #144
  • Bump junit.version from 5.9.2 to 5.9.3 in /json-smart by @dependabot in #143
  • Fix CVE from being reported against accessors-smart by @Grimoren in #142
  • Bump maven-gpg-plugin from 3.0.1 to 3.1.0 in /json-smart-action by @dependabot in #146
  • Bump maven-gpg-plugin from 3.0.1 to 3.1.0 in /json-smart by @dependabot in #145
  • Fix isWritable method by @harikrishna553 in #147

Full Changelog: 2.4.10...2.4.11

V 2.4.10

17 Mar 11:25

What's Changed

  • fix unstacking issue with more than 400 elements in an array by @ewoelfel in #133
  • Add 2.4.10 release note by @Shoothzj in #134

Full Changelog: 2.4.9...2.4.10

V 2.4.9

07 Mar 14:33

V 2.4.9 (2023-03-07)

  • Add depth limit of 400 when parsing JSON.

What's Changed

  • allow config init size of jsonarray and jsonobject by @Shoothzj in #81
  • update asm junit5 version by @Shoothzj in #82
  • enable github workflow by @Shoothzj in #83
  • Bump maven-compiler-plugin from 3.8.1 to 3.10.1 in /json-smart-action by @dependabot in #90
  • Bump maven-javadoc-plugin from 3.2.0 to 3.4.0 in /json-smart by @dependabot in #85
  • Bump maven-javadoc-plugin from 3.2.0 to 3.4.0 in /json-smart-action by @dependabot in #86
  • Bump maven-jar-plugin from 3.2.0 to 3.2.2 in /json-smart by @dependabot in #89
  • Bump maven-jar-plugin from 3.2.0 to 3.2.2 in /json-smart-action by @dependabot in #88
  • Bump maven-release-plugin from 3.0.0-M1 to 3.0.0-M5 in /json-smart-action by @dependabot in #91
  • Bump maven-release-plugin from 3.0.0-M1 to 3.0.0-M5 in /json-smart by @dependabot in #93
  • Bump json-smart from 2.4.6 to 2.4.8 in /json-smart-action by @dependabot in #96
  • Bump maven-compiler-plugin from 3.8.1 to 3.10.1 in /json-smart by @dependabot in #94
  • Bump maven-bundle-plugin from 5.1.2 to 5.1.6 in /json-smart by @dependabot in #97
  • Bump maven-bundle-plugin from 5.1.2 to 5.1.6 in /json-smart-action by @dependabot in #98
  • Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 in /json-smart by @dependabot in #99
  • Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 in /json-smart-action by @dependabot in #100
  • Bump maven-bundle-plugin from 5.1.6 to 5.1.7 in /json-smart-action by @dependabot in #103
  • Bump maven-bundle-plugin from 5.1.6 to 5.1.7 in /json-smart by @dependabot in #102
  • Bump maven-resources-plugin from 3.2.0 to 3.3.0 in /json-smart-action by @dependabot in #104
  • Bump maven-resources-plugin from 3.2.0 to 3.3.0 in /json-smart by @dependabot in #105
  • Bump maven-bundle-plugin from 5.1.7 to 5.1.8 in /json-smart-action by @dependabot in #110
  • Bump maven-bundle-plugin from 5.1.7 to 5.1.8 in /json-smart by @dependabot in #111
  • Bump maven-jar-plugin from 3.2.2 to 3.3.0 in /json-smart by @dependabot in #119
  • Bump maven-jar-plugin from 3.2.2 to 3.3.0 in /json-smart-action by @dependabot in #118
  • Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 in /json-smart by @dependabot in #117
  • Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 in /json-smart-action by @dependabot in #116
  • Bump junit-jupiter-api from 5.8.2 to 5.9.1 in /json-smart-action by @dependabot in #114
  • Bump junit-jupiter-api from 5.8.2 to 5.9.1 in /json-smart by @dependabot in #113
  • Bump junit version from 5.8.2 to 5.9.1 by @Shoothzj in #120
  • configure Reproducible Builds by @hboutemy in #101
  • Bump maven-release-plugin from 3.0.0-M6 to 3.0.0-M7 in /json-smart-action by @dependabot in #122
  • add copyright to pom.xml by @tobi5775 in #125
  • Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 in /json-smart by @dependabot in #126
  • Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 in /json-smart-action by @dependabot in #127
  • Bump maven-compiler-plugin from 3.10.1 to 3.11.0 in /json-smart by @dependabot in #129
  • Bump maven-compiler-plugin from 3.10.1 to 3.11.0 in /json-smart-action by @dependabot in #128
  • Bump maven-release-plugin from 3.0.0-M6 to 3.0.0-M7 in /json-smart by @dependabot in #121
  • Bump junit.version from 5.9.1 to 5.9.2 in /json-smart-action by @dependabot in #123
  • Bump junit.version from 5.9.1 to 5.9.2 in /json-smart by @dependabot in #124
  • Bump maven-gpg-plugin from 1.6 to 3.0.1 in /json-smart by @dependabot in #87
  • Bump maven-gpg-plugin from 1.6 to 3.0.1 in /json-smart-action by @dependabot in #84

Full Changelog: 2.4.8...2.4.9

V 2.4.1

04 Apr 14:38
309223e

Full Changelog: 2.2...2.4.1

json-smart v2.2 Release

31 Jul 09:26
  • rename asm to accessors-smart due to conflict name with asm.ow2.org lib.
  • fix OSGI error
  • add support for BigDecimal
  • improve JSONObject.getAsNumber() helper
  • add a Field Remaper