Hi Team,
We are using the free version of ROR1.26.1_es7.10.0 and it has security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-27568 in json-smart library, can you please suggest if there are any updated version which has better version of json-smart ? or can it be fixed
Thanks for the help.
Thanks for report. We’ll upgrade the lib soon.
Hello Noor, we have updated json-smart library to 2.4.7, which is free from known vulnerabilities. We haven’t released ROR with it yet, but we will do it ASAP.
How did you find that there is a problem with this library? We are using OWASP dependency-check during build to find libraries which could have known vulnerabilities, but it doesn’t find any issue with json-smart. I wonder how we can improve our detection system to catch more issues like that automatically.
It’s released with ROR 1.30.1