CVE-2024-57699 on Json-Path:2.9.0

[ukumar009]

CVE details can be seen here: https://nvd.nist.gov/vuln/detail/CVE-2024-57699
Fix is available in json-smart-v2: https://github.com/netplex/json-smart-v2?tab=readme-ov-file#v-252-2025-02-07

[ukumar009]

Created a PR for the fix: #1030

[jkoch70]

Can you tell us by when we can expect a new release containing the vulnerability fix available on Maven Central?
https://mvnrepository.com/artifact/com.jayway.jsonpath/json-path

[edwinlinson]

Hi @ukumar009 , following up on @jkoch70 's question—
Could you provide an ETA for the next release containing the vulnerability fix on Maven Central?
https://mvnrepository.com/artifact/com.jayway.jsonpath/json-path

[ukumar009]

Hi @edwinlinson, to be honest. I can't merge the PR. I see there is one more waiting approval. I don't know who can help me with it. I don't know anything about release cycles of this jar. Sorry : (

[bramesh88]

Can anyone please update on ETA to Maven central of this change?