Seeding a question that will help me in investigations later tonight: I am seeing some bugs with RapidJSON; they might not be fixable unless we start using a more recent checkout of their code. There has not been a release since August 2016. Do we choose a commit to pin to that seems reasonable, or do we search for some other creative solution? If (b), what do your creative minds suggest?
2 years ago
I would suggest filing issues for each on the rapidjson project against the release version. Might motivate them to issue another release. I am up for helping to fix some of them if not addressed by newer commits. And of course, the filing of the issues helps educate others on vulns they may not be aware of.