- changed status to duplicate
JSON Smart dependency may no longer be maintained
Issue #352
duplicate
Oauth 2.0 SDK with OpenID Connect extensions has a dependency on JSON Smart library. JSON Smart has been flagged with a high impact security vulnerability: https://github.com/netplex/json-smart-v2/issues/60
A fix has been submitted to JSON Smart: https://github.com/netplex/json-smart-v2/pull/61, but there has been no response from the maintainer. It's not clear if the fix will be merged in a new release of JSON Smart. Can this dependency on JSON Smart be removed?
Comments (2)
-
-
In the next major release the JSON Smart dep will be shaded. This is the first step in gradually allowing for its removal.
- Log in to comment
Duplicate of
#347.