Jackson Release 2.9.8

Tatu Saloranta edited this page Dec 21, 2018 · 12 revisions

Patch version of 2.9, released 15th December, 2018.

The following fixes are included.

Changes, core


  • #488: Fail earlier on coercions from "too big" BigInteger into fixed-size types (int, long, short)
  • Improve exception message for missing Base64 padding


  • #1662: ByteBuffer serialization is broken if offset is not 0
  • #2155: Type parameters are checked for equality while isAssignableFrom expected
  • #2167: Large ISO-8601 Dates are formatted/serialized incorrectly
  • #2181: Don't re-use dynamic serializers for property-updating copy constructors
  • #2183: Base64 JsonMappingException: Unexpected end-of-input
  • #2186: Block more classes from polymorphic deserialization (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362)
  • #2197: Illegal reflective access operation warning when using java.lang.Void as value type

Changes, data formats


  • #140: Stack overflow when generating Protobuf schema on class containing cyclic type definition


  • #153: Unable to set a compression input/output decorator to a SmileFactory


  • #270: Add support for writeBinary() with InputStream to ToXMLGenerator
  • #323: Replace slow string concatenation with faster StringBuilder (for long text content)


  • #99: YamlGenerator closes the target stream when configured not to

Changes, datatypes

Java 8

  • #90: Performance issue with malicious BigDecimal input, InstantDeserializer, DurationDeserializer (note: CVE-2018-1000873)