[MGNLCACHE-299] Replace json-io with gson Created: 30/Jun/23 Updated: 23/Oct/23 |
|
| Status: | Open |
| Project: | Cache Modules |
| Component/s: | cache browser |
| Affects Version/s: | 6.0.0, 5.9.6 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoR: |
Empty
|
||||||||
| Epic Link: | DevX Bucket | ||||||||
| Team: | |||||||||
| Description |
|
Recently a vulnerability against json-io was reported. Although not exploitable in Magnolia's case, the cache browser app uses the potentially vulnerable API (JsonReader.jsonToJava) at https://git.magnolia-cms.com/projects/MODULES/repos/cache/browse/magnolia-cache-browser-app/src/main/java/info/magnolia/cache/browser/rest/endpoint/CacheEndpoint.java#219. As json-io seems to be poorly maintained, it would be good to replace it with Google's gson. |