Mark 1.0.0-SNAPSHOT and update README.

.github/workflows/main.linux.temurin.current.yml

@@ -18,3 +18,9 @@ jobs:
           distribution: 'temurin'
       - name: Build
         run: mvn --errors clean verify site
+      - name: Upload test logs
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: test-logs
+          path: ./com.io7m.dixmont.tests/target/surefire-reports

.github/workflows/main.linux.temurin.lts.yml

@@ -18,6 +18,12 @@ jobs:
           distribution: 'temurin'
       - name: Build
         run: mvn --errors clean verify site
+      - name: Upload test logs
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: test-logs
+          path: ./com.io7m.dixmont.tests/target/surefire-reports
       - name: Coverage
         uses: codecov/codecov-action@v1
         with:

.github/workflows/main.windows.temurin.current.yml

@@ -18,3 +18,9 @@ jobs:
           distribution: 'temurin'
       - name: Build
         run: mvn --errors clean verify site
+      - name: Upload test logs
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: test-logs
+          path: ./com.io7m.dixmont.tests/target/surefire-reports

.github/workflows/main.windows.temurin.lts.yml

@@ -18,3 +18,9 @@ jobs:
           distribution: 'temurin'
       - name: Build
         run: mvn --errors clean verify site
+      - name: Upload test logs
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: test-logs
+          path: ./com.io7m.dixmont.tests/target/surefire-reports

README.in

@@ -0,0 +1,64 @@
+
+## dixmont
+
+Some useful extension classes for [jackson](https://github.com/FasterXML/jackson).
+
+### Features
+
+  * Restricted JSON deserializer for preventing reflection-based serialization attacks.
+  * Written in pure Java 17.
+  * [OSGi](https://www.osgi.org/) ready.
+  * [JPMS](https://en.wikipedia.org/wiki/Java_Platform_Module_System) ready.
+  * ISC license.
+  * High-coverage automated test suite.
+
+### Motivation
+
+Systems that use reflection to deserialize data are typically subject to
+[deserialization attacks](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).
+The [jackson](https://github.com/FasterXML/jackson) JSON library is no
+exception to this.
+
+The `dixmont` package provides a blunt and brute-force means to reduce the
+impact of attacks: All of the permitted classes that can be deserialized are
+listed, and everything else is rejected.
+
+### Building
+
+```
+$ mvn clean verify
+```
+
+### Usage
+
+Create a restricted serializer that is permitted to deserialize only the
+given classes and no others, and then register it with an `ObjectMapper`:
+
+```
+var serializers =
+  DmJsonRestrictedDeserializers.builder()
+    .allowClass(Optional.class)
+    .allowClass(Path.class)
+    .allowClass(String.class)
+    .allowClass(URI.class)
+    .allowClass(int.class)
+    .allowClass(double.class)
+    .allowClass(List.class)
+    .allowClassName(
+      "java.util.Optional<java.lang.Integer>")
+    .allowClassName(
+      "java.util.List<java.lang.String>")
+    .build();
+
+var mapper =
+  JsonMapper.builder()
+    .build();
+
+final var simpleModule = new SimpleModule();
+simpleModule.setDeserializers(this.serializers);
+mapper.registerModule(simpleModule);
+```
+
+Parser code using the given `ObjectMapper` will be prevented from deserializing
+values of anything other than the given classes. Hostile JSON text that attempts
+to get the deserializer to instantiate other classes will fail.

README.md

@@ -13,3 +13,68 @@ dixmont
 | OpenJDK (Temurin) LTS | Linux | [![Build (OpenJDK (Temurin) LTS, Linux)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.linux.temurin.lts.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.linux.temurin.lts)|
 | OpenJDK (Temurin) Current | Windows | [![Build (OpenJDK (Temurin) Current, Windows)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.windows.temurin.current.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.windows.temurin.current)|
 | OpenJDK (Temurin) LTS | Windows | [![Build (OpenJDK (Temurin) LTS, Windows)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.windows.temurin.lts.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.windows.temurin.lts)|
+
+## dixmont
+
+Some useful extension classes for [jackson](https://github.com/FasterXML/jackson).
+
+### Features
+
+  * Restricted JSON deserializer for preventing reflection-based serialization attacks.
+  * Written in pure Java 17.
+  * [OSGi](https://www.osgi.org/) ready.
+  * [JPMS](https://en.wikipedia.org/wiki/Java_Platform_Module_System) ready.
+  * ISC license.
+  * High-coverage automated test suite.
+
+### Motivation
+
+Systems that use reflection to deserialize data are typically subject to
+[deserialization attacks](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).
+The [jackson](https://github.com/FasterXML/jackson) JSON library is no
+exception to this.
+
+The `dixmont` package provides a blunt and brute-force means to reduce the
+impact of attacks: All of the permitted classes that can be deserialized are
+listed, and everything else is rejected.
+
+### Building
+
+```
+$ mvn clean verify
+```
+
+### Usage
+
+Create a restricted serializer that is permitted to deserialize only the
+given classes and no others, and then register it with an `ObjectMapper`:
+
+```
+var serializers =
+  DmJsonRestrictedDeserializers.builder()
+    .allowClass(Optional.class)
+    .allowClass(Path.class)
+    .allowClass(String.class)
+    .allowClass(URI.class)
+    .allowClass(int.class)
+    .allowClass(double.class)
+    .allowClass(List.class)
+    .allowClassName(
+      "java.util.Optional<java.lang.Integer>")
+    .allowClassName(
+      "java.util.List<java.lang.String>")
+    .build();
+
+var mapper =
+  JsonMapper.builder()
+    .build();
+
+final var simpleModule = new SimpleModule();
+simpleModule.setDeserializers(this.serializers);
+mapper.registerModule(simpleModule);
+```
+
+Parser code using the given `ObjectMapper` will be prevented from deserializing
+values of anything other than the given classes. Hostile JSON text that attempts
+to get the deserializer to instantiate other classes will fail.
+

com.io7m.dixmont.colors/pom.xml

@@ -9,7 +9,7 @@
   <parent>
     <artifactId>com.io7m.dixmont</artifactId>
     <groupId>com.io7m.dixmont</groupId>
-    <version>0.0.3-SNAPSHOT</version>
+    <version>1.0.0-SNAPSHOT</version>
   </parent>
   <artifactId>com.io7m.dixmont.colors</artifactId>
 

com.io7m.dixmont.core/pom.xml

@@ -9,7 +9,7 @@
   <parent>
     <artifactId>com.io7m.dixmont</artifactId>
     <groupId>com.io7m.dixmont</groupId>
-    <version>0.0.3-SNAPSHOT</version>
+    <version>1.0.0-SNAPSHOT</version>
   </parent>
   <artifactId>com.io7m.dixmont.core</artifactId>
 

com.io7m.dixmont.tests/pom.xml

@@ -9,7 +9,7 @@
   <parent>
     <artifactId>com.io7m.dixmont</artifactId>
     <groupId>com.io7m.dixmont</groupId>
-    <version>0.0.3-SNAPSHOT</version>
+    <version>1.0.0-SNAPSHOT</version>
   </parent>
   <artifactId>com.io7m.dixmont.tests</artifactId>
 

pom.xml

@@ -8,12 +8,12 @@
   <parent>
     <groupId>com.io7m.primogenitor</groupId>
     <artifactId>com.io7m.primogenitor.full</artifactId>
-    <version>7.5.0</version>
+    <version>7.7.0</version>
   </parent>
 
   <groupId>com.io7m.dixmont</groupId>
   <artifactId>com.io7m.dixmont</artifactId>
-  <version>0.0.3-SNAPSHOT</version>
+  <version>1.0.0-SNAPSHOT</version>
 
   <packaging>pom</packaging>
   <name>com.io7m.dixmont</name>
@@ -27,9 +27,8 @@
   </modules>
 
   <properties>
-    <com.io7m.xstructural.version>1.2.0</com.io7m.xstructural.version>
     <io7m.api.previousVersion>0.0.1-SNAPSHOT</io7m.api.previousVersion>
-    <jackson.version>2.15.0</jackson.version>
+    <jackson.version>2.15.2</jackson.version>
     <org.immutables.version>2.8.8</org.immutables.version>
     <junit.version>5.9.3</junit.version>
   </properties>
@@ -152,21 +151,6 @@
     </pluginManagement>
 
     <plugins>
-      <!-- Generate immutables.org types -->
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <annotationProcessorPaths>
-            <dependency>
-              <groupId>org.immutables</groupId>
-              <artifactId>value</artifactId>
-              <version>${org.immutables.version}</version>
-            </dependency>
-          </annotationProcessorPaths>
-        </configuration>
-      </plugin>
-
       <!-- Generate a site -->
       <plugin>
         <groupId>com.io7m.minisite</groupId>