vulnerable json.jar

milan.odavic · October 2023

Hi,
We are currently working on upgrading vulnerable .jar files and json-20190722.jar was found on our list. We are wondering, is non-vulnerable json-20230227.jar version is it compatible with other Refinitiv SDK version 3.6.8.0 libraries we use (ansipage-3.6.8.0, ema-3.6.8.0, eta-3.6.8.0, etajConverter-3.6.8.0, etaValueAdd-3.6.8.0, etaValueAddCache-3.6.8.0) ?

Also, is json-20190722.jar necessary or could we just remove it harmlessly?

Regards

Jirapongse · October 2023

@milan.odavic

Thank you for reaching out to us.

Please upgrade the application to use Real-Time-SDK-2.1.2.L1.java (EMA/ETA 3.7.2.L1). This version uses json-20230618.jar.

You can download it from the LSEG Developer Community website.

vulnerable json.jar

Best Answer

Categories