MNT-21879 : [Security] Multiple json-java vulnerabilities (#32)

- added upgrade & fix

.travis.yml

@@ -21,6 +21,7 @@ branches:
   only:
     - master
     - /release\/.*/
+    - fix/MNT-21879
 
 env:
   global:

pom.xml

@@ -66,7 +66,7 @@
         <dependency.webscripts.version>8.8</dependency.webscripts.version>
         <dependency.bouncycastle.version>1.66</dependency.bouncycastle.version>
         <dependency.mockito-core.version>3.5.11</dependency.mockito-core.version>
-        <dependency.org-json.version>20090211</dependency.org-json.version>
+        <dependency.org-json.version>20200518</dependency.org-json.version>
         <dependency.commons-dbcp.version>1.4-DBCP330</dependency.commons-dbcp.version>
         <dependency.guava.version>28.2-jre</dependency.guava.version>
         <dependency.commons-io.version>2.8.0</dependency.commons-io.version>

repository/src/main/java/org/alfresco/repo/preference/PreferenceServiceImpl.java

@@ -196,7 +196,7 @@ public class PreferenceServiceImpl implements PreferenceService, Extensible
             {
                 if(jsonPrefs.has(preferenceName))
                 {
-                    preferenceValue = jsonPrefs.getString(preferenceName);
+                    preferenceValue = String.valueOf(jsonPrefs.get(preferenceName));
                 }
             }
         }