Jackson Work in Progress
Tatu Saloranta edited this page Oct 30, 2018 · 2080 revisions
This page is a "living document" of on-going work, mostly by @cowtowncoder (Tatu), although other committers are welcome to update it as well.
Contents are divided in 3 sections, of actionable (*) things:
- Urgent things -- security problems, correctness (corruption), reliability (threading/concurrency)
- Simple things -- low(er) hanging fruits that are likely easily fixable but also important (i.e. non-trivial)
- Important -- things that are important strategically, or highly "voted", but that are more involved to fix/implement.
(*) actionable meaning, in general, that progress is only/mostly limited by time available and not by inherent difficulty, or lack of design or ideas of how to tackle the need.
29-Oct-2018, tatu: Create the initial version
Group of issues related to possible Denial-of-Service attacks, making use of surprisingly poor performance characteristics of coercing from BigInteger into long, and thereby also BigDecimal (as it is based on 2 BigIntegers). Mostly implemented by 29-Oct-2018, to be included in 2.9.8
- https://github.com/FasterXML/jackson-core/issues/488 -- low-level early-fail on coercion of `BigInteger` into `int`, `long`, `float`, `double`
- https://github.com/FasterXML/jackson-databind/issues/2157 -- tests for coercion of huge `BigDecimal` into `Enum` (basically verifying streaming API's early fail)
- https://github.com/FasterXML/jackson-modules-java8/issues/90 -- specific issue wrt `BigDecimal`, `Instant` deserializer
- On 29-Oct-2018, 3 more gadgets were reported. More information will be sent to `jackson-dev-infosec` list; fixes for 2.9.8 and 2.8.11.3
- https://github.com/FasterXML/jackson-core/issues/479: rewrite `BufferRecycler` fix
- Jackson 3.0:
  - Remove mutability of `JsonGenerator`
  - https://github.com/FasterXML/jackson-core/issues/492 (backtick in error messages) (ok sort of trivial)
  - Remove `FEAT_MASK_` from parser implementations
- Jackson 2.10:
  - Change `JsonGenerator.Feature.ESCAPE_NON_ASCII` to be based on `JsonWriteFeature.ESCAPE_NON_ASCII`
  - Maybe implement
    - https://github.com/FasterXML/jackson-core/issues/495: Add `StreamReadFeature` as alias for remaining non-deprecated `JsonParser.Feature`s (for 3.0 forward compat)
    - https://github.com/FasterXML/jackson-core/issues/496: Add `StreamWriteFeature` as alias for remaining non-deprecated `JsonGenerator.Feature`s (for 3.0 forward compat)
- Jackson 3.0:
  - Finish partial rewrite of `JsonFormat.Shape` handling to support ALL changes (POJO to/from non-POJO), for types AND properties