
Jackson Release 2.15

Tatu Saloranta edited this page Feb 28, 2023 · 137 revisions

Jackson Version 2.15 is being developed as of February 2023.

There is a tentative goal of getting the first Release Candidate out by March 2023.

This wiki page gives a list of links to all changes (with brief descriptions) that will be included, and describes some of the active plans for changes and fixes to include.


Status

Branch is under active development as of January 2023; the first release is expected around March 2023.

Patches

No release yet

Documentation

None written yet.

Changes, compatibility

Compatibility: JDK requirements

Same as Jackson 2.14 except:

  • No changes

Compatibility: transitive dependencies

YAML format module

As per YAML#390, the SnakeYAML dependency is upgraded from 1.33 to 2.0, to resolve CVE-2022-1471.

Despite being a seemingly major version upgrade, this should NOT affect compatibility of the Jackson YAML format module -- the SnakeYAML version scheme only uses 2 digits, so this is more like a minor version upgrade, affecting API that Jackson does not use.

Compatibility: build/artifact changes

Jar changes

  • jackson-core is now a Multi-Release jar to support more optimal handling for newer JDKs wrt number parsing.

Build JDK changes

  • Hibernate module build now requires JDK 11 (due to Hibernate 6 module)

Changes, behavior

Processing Limits

General

2.15 adds maximum token limits for different tokens as described below. All limits are:

  • Expressed in input units -- bytes or chars -- depending on input source
  • Defined as the longest allowed length, but not necessarily enforced with 100% accuracy: that is, if the maximum allowed length is specified as 1000 units, something with a length of, say, 1003 may not cause an exception (but 1500 would)
  • Defined in the new StreamReadConstraints class, configurable on a per-JsonFactory basis

Maximum number token lengths

Implementation of jackson-core#827 sets an upper limit on the maximum length of numeric tokens read from input. The default limit is:

  • Maximum 1000 for both integral and floating-point numbers.

Note that dataformat modules need to add support for enforcing the limits, so coverage may vary: as usual, the JSON parser will have the widest coverage initially.

Maximum String value length

Implementation of jackson-core#863 sets an upper limit on the maximum length of String values read from input. The default limit is:

  • Maximum of 1_000_000 (1 million) input units (bytes/chars depending on input source)
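
The limits above can be tightened for parsers that handle untrusted input. The following is an added example, not code from the Jackson project or this wiki page: the builder methods (maxNumberLength, maxStringLength, streamReadConstraints) are those of the released 2.15 API rather than names given on this page, the class and helper names are hypothetical, and it assumes a limit violation surfaces as an IOException subtype.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.core.StreamReadConstraints;

import java.io.IOException;

public class ProcessingLimitsExample {
    // Factory for untrusted input: limits set well below the defaults listed on this page.
    static JsonFactory strictFactory() {
        StreamReadConstraints limits = StreamReadConstraints.builder()
                .maxNumberLength(100)     // page default: 1000
                .maxStringLength(10_000)  // page default: 1_000_000
                .build();
        // Constraints are attached per JsonFactory; other factories keep their own limits.
        return JsonFactory.builder().streamReadConstraints(limits).build();
    }

    // Walks every token and forces number/String decoding.
    // Returns false if the document is rejected (limit exceeded or malformed).
    static boolean accepts(JsonFactory factory, String json) {
        try (JsonParser p = factory.createParser(json)) {
            JsonToken t;
            while ((t = p.nextToken()) != null) {
                if (t.isNumeric()) {
                    p.getNumberValue();
                } else if (t == JsonToken.VALUE_STRING) {
                    p.getText();
                }
            }
            return true;
        } catch (IOException e) {
            // Assumption: constraint violations are reported as an IOException subtype.
            return false;
        }
    }

    public static void main(String[] args) {
        JsonFactory strict = strictFactory();
        // Constructed inputs; sizes are far past the limits because enforcement is approximate.
        String longNumber = "1".repeat(500);                  // String.repeat needs Java 11+
        String longString = "\"" + "a".repeat(50_000) + "\"";

        System.out.println("small doc, strict:    " + accepts(strict, "{\"n\": 12345, \"s\": \"ok\"}"));
        System.out.println("500 digits, strict:   " + accepts(strict, "{\"n\": " + longNumber + "}"));
        System.out.println("50k string, strict:   " + accepts(strict, "{\"s\": " + longString + "}"));
        System.out.println("500 digits, defaults: " + accepts(new JsonFactory(), "{\"n\": " + longNumber + "}"));
    }
}
```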

Changes, behavior, other


Major focus areas planned

Processing limits

Further number decoding performance optimizations


Changes to be included in the release.

Full Change list

Changes, core

  • #211: Add JsonFormat.Features: READ_UNKNOWN_ENUM_VALUES_AS_NULL, READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE
  • #827: Add numeric value size limits via StreamReadConstraints (fixes sonatype-2022-6438)
  • #851: Add StreamReadFeature.USE_FAST_BIG_NUMBER_PARSER to enable faster BigDecimal, BigInteger parsing
  • #863: Add StreamReadConstraints limit for longest textual value to allow (default: 1M)
  • #865: Optimize parsing 19 digit longs
  • #898: Possible flaw in TokenFilterContext#skipParentChecks()
  • #902: Add Object JsonParser.getNumberValueDeferred() method to allow for deferred decoding in some cases
  • Build uses package type "jar" but still produces valid OSGi bundle (change needed to keep class timestamps with Reproducible Build)
  • #2536: Add EnumFeature.READ_ENUM_KEYS_USING_INDEX to work with existing "WRITE_ENUM_KEYS_USING_INDEX"
  • #2974: Null coercion with @JsonSetter does not work with java.lang.Record
  • #2992: Properties naming strategy do not work with Record
  • #3053: Allow serializing enums to lowercase (EnumFeature.WRITE_ENUMS_TO_LOWERCASE)
  • #3180: Support @JsonCreator annotation on record classes
  • #3262: InvalidDefinitionException when calling mapper.createObjectNode().putPOJO
  • #3297: @JsonDeserialize(converter = ...) does not work with Records
  • #3342: JsonTypeInfo.As.EXTERNAL_PROPERTY does not work with record wrappers
  • #3637: Add enum features into @JsonFormat.Feature
  • #3651: Deprecate "exact values" setting from JsonNodeFactory, replace with JsonNodeFeature.STRIP_TRAILING_BIGDECIMAL_ZEROES
  • #3654: Infer @JsonCreator(mode = Mode.DELEGATING) from use of @JsonValue
  • #3676: Allow use of @JsonCreator(mode = Mode.PROPERTIES) creator for POJOs with "empty String" coercion
  • #3680: Timestamp in classes inside jar showing 02/01/1980
  • #3682: Transient Fields are not ignored as Mutators if there is visible Getter
  • #3690: Incorrect target type for arrays when disabling coercion
  • #3708: Seems like java.nio.file.Path is safe for Android API level 26
  • #3736: Try to avoid auto-detecting Fields for Record types
  • #3742: schemaType of LongSerializer is wrong
  • #3745: Deprecate classes in package com.fasterxml.jackson.databind.jsonschema
  • #3748: DelegatingDeserializer missing override of getAbsentValue() (and couple of other methods)
  • #3796: Enum Deserialisation Failing with Polymorphic type validator

Changes, data formats

CBOR

  • #347: Add support for CBOR stringref extension (CBORGenerator.Feature.STRINGREF)
  • #356: Add CBORGenerator.Feature.WRITE_MINIMAL_DOUBLES for writing doubles as floats if safe to do so

XML

  • #542: XmlMapper does not find no-argument record constructor for deserialization of empty XML
  • #547: Parsing empty tags without default no-arguments constructor fails in 2.14
  • #560: Add DefaultXmlPrettyPrinter.withCustomNewLine() to configure linefeed for XML pretty-printing

YAML

  • #373: Positive numbers with plus sign not quoted correctly with ALWAYS_QUOTE_NUMBERS_AS_STRINGS
  • #388: Add YAMLParser.Feature.PARSE_BOOLEAN_LIKE_WORDS_AS_STRINGS to allow parsing "boolean" words as strings instead of booleans
  • #390: Upgrade to Snakeyaml 2.0 (resolves CVE-2022-1471)

Changes, datatypes

  • #158: Add jackson-datatype-hibernate6 for Hibernate 6
  • #259: Wrong module auto-registered when using JPMS
  • #266: Optimize InstantDeserializer method replaceZeroOffsetAsZIfNecessary()
  • #267: Normalize zone id during ZonedDateTime deserialization

Changes, Other modules

Afterburner

  • #190: Filter annotated by JsonInclude.Include.CUSTOM does not get called if the field is null with Afterburner/Blackbird module registered

Changes, JVM Languages

  • #560: Lazy load UNIT_TYPE
