From 7685575ab7b4ebc8a7700d0d0c8632e4f28bfbdc Mon Sep 17 00:00:00 2001
From: Emmanuel Zamora <emmanuel.zamora@harness.io>
Date: Fri, 3 Oct 2025 20:45:27 -0300
Subject: [PATCH 1/4] [FME-10341] fix vulns, update versions and add shutdown

---
 pom.xml                                       | 31 ++++++++++---------
 .../io/split/openfeature/SplitProvider.java   |  5 +++
 .../openfeature/utils/Serialization.java      | 14 +++------
 .../java/io/split/openfeature/ClientTest.java | 12 +++++--
 .../split/openfeature/SplitProviderTest.java  | 16 +++++++---
 5 files changed, 47 insertions(+), 31 deletions(-)

diff --git a/pom.xml b/pom.xml
index a78e0bd..c54cb78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,11 +49,6 @@
 			<artifactId>java-client</artifactId>
 			<version>4.18.1</version>
 		</dependency>
-		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpclient</artifactId>
-			<version>4.5.14</version>
-		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>
@@ -65,16 +60,6 @@
 			<artifactId>sdk</artifactId>
 			<version>1.18.1</version>
 		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-core</artifactId>
-			<version>2.20.0</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-databind</artifactId>
-			<version>2.20.0</version>
-		</dependency>
 	</dependencies>
 	<build>
 		<pluginManagement>
@@ -85,6 +70,22 @@
 					<artifactId>maven-clean-plugin</artifactId>
 					<version>3.5.0</version>
 				</plugin>
+				<plugin>
+					<groupId>org.owasp</groupId>
+					<artifactId>dependency-check-maven</artifactId>
+					<version>12.1.6</version>
+					<configuration>
+						<nvdApiKey>41aa3456-48f3-466a-a8ea-db1e84caba36</nvdApiKey>
+						<failBuildOnCVSS>7</failBuildOnCVSS>
+					</configuration>
+					<executions>
+						<execution>
+							<goals>
+								<goal>check</goal>
+							</goals>
+						</execution>
+					</executions>
+				</plugin>
 				<!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
 				<plugin>
 					<artifactId>maven-resources-plugin</artifactId>
diff --git a/src/main/java/io/split/openfeature/SplitProvider.java b/src/main/java/io/split/openfeature/SplitProvider.java
index 06982d3..67c43cf 100644
--- a/src/main/java/io/split/openfeature/SplitProvider.java
+++ b/src/main/java/io/split/openfeature/SplitProvider.java
@@ -158,6 +158,11 @@ public Map<String, Object> transformContext(EvaluationContext context) {
     return context.asObjectMap();
   }
 
+  @Override
+  public void shutdown() {
+    client.destroy();
+  }
+
   private SplitResult evaluateTreatment(String key, EvaluationContext evaluationContext) {
     String id = evaluationContext.getTargetingKey();
     if (id == null || id.isEmpty()) {
diff --git a/src/main/java/io/split/openfeature/utils/Serialization.java b/src/main/java/io/split/openfeature/utils/Serialization.java
index d3f23f6..5ff2c04 100644
--- a/src/main/java/io/split/openfeature/utils/Serialization.java
+++ b/src/main/java/io/split/openfeature/utils/Serialization.java
@@ -1,12 +1,10 @@
 package io.split.openfeature.utils;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Map;
+
 import dev.openfeature.sdk.ErrorCode;
 import dev.openfeature.sdk.exceptions.ParseError;
-
-import java.util.Map;
+import io.split.client.utils.Json;
 
 public class Serialization {
 
@@ -15,10 +13,8 @@ private Serialization() {
 
   public static Map<String, Object> stringToMap(final String obj) {
     try {
-      return new ObjectMapper()
-        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
-        .readValue(obj, Map.class);
-    } catch (JsonProcessingException e) {
+      return Json.fromJson(obj, Map.class);
+    } catch (Exception e) {
       throw new ParseError(ErrorCode.PARSE_ERROR.name());
     }
   }
diff --git a/src/test/java/io/split/openfeature/ClientTest.java b/src/test/java/io/split/openfeature/ClientTest.java
index a0ec342..9dd966a 100644
--- a/src/test/java/io/split/openfeature/ClientTest.java
+++ b/src/test/java/io/split/openfeature/ClientTest.java
@@ -30,14 +30,15 @@
 public class ClientTest {
   OpenFeatureAPI openFeatureAPI;
   Client client;
+  SplitClient splitClient;
 
   @BeforeEach
   public void init() {
     openFeatureAPI = OpenFeatureAPI.getInstance();
     try {
       SplitClientConfig config = SplitClientConfig.builder().splitFile("src/test/resources/split.yaml").build();
-      SplitClient client = SplitFactoryBuilder.build("localhost", config).client();
-      openFeatureAPI.setProviderAndWait(new SplitProvider(client));
+      splitClient = SplitFactoryBuilder.build("localhost", config).client();
+      openFeatureAPI.setProviderAndWait(new SplitProvider(splitClient));
     } catch (URISyntaxException | IOException e) {
       System.out.println("Unexpected Exception occurred initializing Split Provider.");
     }
@@ -267,6 +268,13 @@ public void getObjectFailTest() {
     assertNull(details.getVariant());
   }
 
+  @Test
+  public void destroySplitClientTest() {
+    assertEquals("32", splitClient.getTreatment("key","int_feature"));
+    openFeatureAPI.shutdown();
+    assertEquals("control", splitClient.getTreatment("key","int_feature"));
+  }
+
   private Value mapToValue(Map<String, Value> map) {
     return new Value(new MutableStructure(map));
   }
diff --git a/src/test/java/io/split/openfeature/SplitProviderTest.java b/src/test/java/io/split/openfeature/SplitProviderTest.java
index d5c0dc8..c72f124 100644
--- a/src/test/java/io/split/openfeature/SplitProviderTest.java
+++ b/src/test/java/io/split/openfeature/SplitProviderTest.java
@@ -420,27 +420,26 @@ public void evalStructureComplexTest() {
     Instant instant = Instant.ofEpochMilli(1665698754828L);
     Value treatment = mapToValue(Map.of(
       "string", new Value("blah"),
-      "int", new Value(10),
+      "int", new Value(10D),
       "double", new Value(100D),
       "bool", new Value(true),
       "struct", mapToValue(Map.of(
           "foo", new Value("bar"),
-          "baz", new Value(10),
+          "baz", new Value(10D),
           "innerMap", mapToValue(Map.of(
               "aa", new Value("bb"))))),
       "list", new Value(
         List.of(
-          new Value(1),
           new Value(true),
           mapToValue(Map.of(
               "cc", new Value("dd")
             )),
           mapToValue(Map.of(
-              "ee", new Value(1)
+              "ee", new Value(1D)
             )))),
       "dateTime", new Value(instant)
     ));
-    String treatmentAsString = "{\"string\":\"blah\",\"int\":10,\"double\":100.0,\"bool\":true, \"struct\":{\"foo\":\"bar\",\"baz\":10,\"innerMap\":{\"aa\":\"bb\"}},\"list\":[1,true,{\"cc\":\"dd\"},{\"ee\":1}],\"dateTime\":\"2022-10-13T22:05:54.828Z\"}";
+    String treatmentAsString = "{\"string\":\"blah\",\"int\":10,\"double\":100.0,\"bool\":true, \"struct\":{\"foo\":\"bar\",\"baz\":10,\"innerMap\":{\"aa\":\"bb\"}},\"list\":[true,{\"cc\":\"dd\"},{\"ee\":1}],\"dateTime\":\"2022-10-13T22:05:54.828Z\"}";
 
     when(mockSplitClient.getTreatmentWithConfig(eq(key), eq(flagName), anyMap())).thenReturn(new SplitResult(treatmentAsString,""));
 
@@ -525,6 +524,13 @@ public void trackTrafficTypeErrorTest() {
     verifyNoInteractions(mockSplitClient);
   }
 
+  @Test
+  public void destroySplitClientTest() {
+    SplitProvider provider = new SplitProvider(mockSplitClient);
+    provider.shutdown();
+    verify(mockSplitClient).destroy();
+  }
+
   private Value mapToValue(Map<String, Value> map) {
     return new Value(new MutableStructure(map));
   }

From 7892e4a6600e3d841d158639290d75f9a428dc67 Mon Sep 17 00:00:00 2001
From: Emmanuel Zamora <emmanuel.zamora@harness.io>
Date: Fri, 3 Oct 2025 20:48:28 -0300
Subject: [PATCH 2/4] restore value in test

---
 src/test/java/io/split/openfeature/SplitProviderTest.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/io/split/openfeature/SplitProviderTest.java b/src/test/java/io/split/openfeature/SplitProviderTest.java
index c72f124..14f4575 100644
--- a/src/test/java/io/split/openfeature/SplitProviderTest.java
+++ b/src/test/java/io/split/openfeature/SplitProviderTest.java
@@ -430,6 +430,7 @@ public void evalStructureComplexTest() {
               "aa", new Value("bb"))))),
       "list", new Value(
         List.of(
+          new Value(1D),
           new Value(true),
           mapToValue(Map.of(
               "cc", new Value("dd")
@@ -439,7 +440,7 @@ public void evalStructureComplexTest() {
             )))),
       "dateTime", new Value(instant)
     ));
-    String treatmentAsString = "{\"string\":\"blah\",\"int\":10,\"double\":100.0,\"bool\":true, \"struct\":{\"foo\":\"bar\",\"baz\":10,\"innerMap\":{\"aa\":\"bb\"}},\"list\":[true,{\"cc\":\"dd\"},{\"ee\":1}],\"dateTime\":\"2022-10-13T22:05:54.828Z\"}";
+    String treatmentAsString = "{\"string\":\"blah\",\"int\":10,\"double\":100.0,\"bool\":true, \"struct\":{\"foo\":\"bar\",\"baz\":10,\"innerMap\":{\"aa\":\"bb\"}},\"list\":[1,true,{\"cc\":\"dd\"},{\"ee\":1}],\"dateTime\":\"2022-10-13T22:05:54.828Z\"}";
 
     when(mockSplitClient.getTreatmentWithConfig(eq(key), eq(flagName), anyMap())).thenReturn(new SplitResult(treatmentAsString,""));
 

From e677c726ebfc1c8939eb39728d48304d8e6ffaed Mon Sep 17 00:00:00 2001
From: Emmanuel Zamora <emmanuel.zamora@harness.io>
Date: Mon, 6 Oct 2025 10:49:45 -0300
Subject: [PATCH 3/4] prepare release

---
 CHANGES.txt | 3 +++
 README.md   | 2 +-
 pom.xml     | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 1408609..46be8fa 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+1.2.1 (October 6, 2025)
+ - Updated dependencies to fix vulnerabilities.
+
 1.2.0 (September 3, 2025)
  - Updated `io.split.client` dependency to 4.16.1
  - Updated `dev.openfeature` dependency to 1.17.0
diff --git a/README.md b/README.md
index 36f6021..095d229 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ This SDK is compatible with Java 11 and higher.
 <dependency>
     <groupId>io.split.openfeature</groupId>
     <artifactId>split-openfeature-provider</artifactId>
-    <version>1.2.0</version>
+    <version>1.2.1</version>
 </dependency>
 ```
 ### Configure it
diff --git a/pom.xml b/pom.xml
index c54cb78..b06e58d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>io.split.openfeature</groupId>
 	<artifactId>split-openfeature-provider</artifactId>
-	<version>1.2.0</version>
+	<version>1.2.1</version>
 	<name>split-openfeature-provider-java</name>
 	<description>Split OpenFeature Java Provider</description>
 	<url>www.split.io</url>

From a4a4c5c00cef22d3df40519a4c2a2c5d4e258dce Mon Sep 17 00:00:00 2001
From: ZamoraEmmanuel <87494075+ZamoraEmmanuel@users.noreply.github.com>
Date: Mon, 6 Oct 2025 11:45:23 -0300
Subject: [PATCH 4/4] Update CHANGES.txt

Co-authored-by: Mauro Sanz <51236193+sanzmauro@users.noreply.github.com>
---
 CHANGES.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGES.txt b/CHANGES.txt
index 46be8fa..c0dd319 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,5 +1,6 @@
 1.2.1 (October 6, 2025)
  - Updated dependencies to fix vulnerabilities.
+ - Added support for the shutdown feature. 
 
 1.2.0 (September 3, 2025)
  - Updated `io.split.client` dependency to 4.16.1