As part of the core dependencies, json-lib has not been updated for a decade and depends on an outdated version of commons-lang2. https://github.com/jenkinsci/jenkins/pull/8996#issuecomment-2033276342
I have created a Jira issue for the modernization of json-lib, which has been added to the Jira epic "Core and core component dependency debt" as a part of it. https://issues.jenkins.io/browse/JENKINS-72981 https://issues.jenkins.io/browse/JENKINS-68689 The following phased plan is proposed: Step 1: Merge the exclusive dependency of json-lib, ezmorph, directly into our forked json-lib repository. We plan to release it in a single jar package in the future. (Already create a PR: https://github.com/jenkinsci/json-lib/pull/8) Step 2: Update the code to replace all uses of commons-lang2 with Java native API. Step 3: Rebuild the CI release process for json-lib and release a new version. Thanks Bob Du -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEc6OW%2Bphes6EosTDh5%3DSg%3DYdNOtTHd4rGnBCVATQrKGyTBkbw%40mail.gmail.com.
