JSON for Modern C++ Version 2.0.10

@nlohmann nlohmann released this Jan 2, 2017 · 19 commits to develop since this release

  • Release date: 2017-01-02
  • MD5: 3c1bb4b578fbc34b05a7eb40903f8dbc

Summary

This release fixes several security-relevant bugs in the MessagePack and CBOR parsers. The fixes are backwards compatible.

Changes

  • ๐Ÿ› Fixed a lot of bugs in the CBOR and MesssagePack parsers. These bugs occurred if invalid input was parsed and then could lead in buffer overflows. These bugs were found with Google's OSS-Fuzz, see #405, #407, #408, #409, #411, and #412 for more information.
  • ๐Ÿ‘ท We now also use the Doozer continuous integration platform.
  • ๐Ÿ‘ท The complete test suite is now also run with Clang's address sanitizer and undefined-behavior sanitizer.
  • โœ… Overworked fuzz testing; CBOR and MessagePack implementations are now fuzz-tested. Furthermore, all fuzz tests now include a round trip which ensures created output can again be properly parsed and yields the same JSON value.
  • ๐Ÿ“ Clarified documentation of find() function to always return end() when called on non-object value types.
  • ๐Ÿ”จ Moved thirdparty test code to test/thirdparty directory.

Downloads

JSON for Modern C++ Version 2.0.9

@nlohmann nlohmann released this Dec 16, 2016 · 72 commits to develop since this release

  • Release date: 2016-12-16
  • MD5: 09cffbad0a7c660a482cb8e5bd5ad71c

Summary

This release implements with CBOR and MessagePack two binary serialization/deserialization formats. It further contains some small fixes and improvements. The fixes are backwards compatible.

Changes

  • โœจ The library can now read and write the binary formats CBOR (Concise Binary Object Representation) and MessagePack. Both formats are aimed to produce a very compact representation of JSON which can be parsed very efficiently. See the README file for more information and examples.
  • ๐Ÿ”ฅ simplified the iteration implementation allowing to remove dozens of lines of code
  • ๐Ÿ› fixed an integer overflow error detected by Google's OSS-Fuzz
  • ๐Ÿ› suppressed documentation warnings inside the library to facilitate compilation with -Wdocumentation
  • ๐Ÿ› fixed an overflow detection error in the number parser
  • ๐Ÿ“ updated contribution guidelines to a list of frequentely asked features that will most likely be never added to the library
  • ๐Ÿ“ added a table of contents to the README file to add some structure
  • ๐Ÿ“ mentioned the many examples and the documentation in the README file
  • ๐Ÿ”จ split unit tests into individual independent binaries to speed up compilation and testing
  • โœ… the test suite now contains 11201886 tests

Downloads

JSON for Modern C++ Version 2.0.8

@nlohmann nlohmann released this Dec 2, 2016 · 154 commits to develop since this release

  • Release date: 2016-12-02
  • MD5: ed38cfee503b0dee355b069455ae3f47

Summary

This release combines a lot of small fixes and improvements. The fixes are backwards compatible.

Changes

  • ๐Ÿ› fixed a bug that froze the parser if a passed file was not found (now, std::invalid_argument is thrown)
  • ๐Ÿ› fixed a bug that lead to an error of a file at EOF was parsed again (now, std::invalid_argument is thrown)
  • โœจ the well known functions emplace and emplace_back have been added to JSON values and work as expected
  • โšก๏ธ improved the performance of the serialization (dump function)
  • โšก๏ธ improved the performance of the deserialization (parser)
  • ๐Ÿ‘ท some continuous integration images at Travis were added and retired; see here for the current continuous integration setup
  • ๐Ÿ‘ท the Coverity scan works again
  • ๐Ÿ“ˆ the benchmarking code has been improved to produce more stable results
  • ๐Ÿ“ the README file has been extended and includes more frequently asked examples
  • โœ… the test suite now contains 8905518 tests
  • โฌ†๏ธ updated Catch to version 1.5.8

Downloads

JSON for Modern C++ Version 2.0.7

@nlohmann nlohmann released this Nov 2, 2016 · 201 commits to develop since this release

  • Release date: 2016-11-02
  • MD5: ed8aa2b8af05b0a2a9556fea07eb9253

Summary

This release fixes a few bugs in the JSON parser found in the Parsing JSON is a Minefield ๐Ÿ’ฃ article. The fixes are backwards compatible.

Changes

  • The article Parsing JSON is a Minefield ๐Ÿ’ฃ discusses a lot of pitfalls of the JSON specification. When investigating the published test cases, a few bugs in the library were found and fixed:
    • Files with less than 5 bytes can now be parsed without error.
    • The library now properly rejects any file encoding other than UTF-8. Furthermore, incorrect surrogate pairs are properly detected and rejected.
    • The library now accepts all but one "yes" test (y_string_utf16.json): UTF-16 is not supported.
    • The library rejects all but one "no" test (n_number_then_00.json): Null bytes are treated as end of file instead of an error. This allows to parse input from null-terminated strings.
  • The string length passed to a user-defined string literal is now exploited to choose a more efficient constructor.
  • A few grammar mistakes in the README file have been fixed.

Downloads

JSON for Modern C++ Version 2.0.6

@nlohmann nlohmann released this Oct 15, 2016 · 226 commits to develop since this release

  • Release date: 2016-10-15
  • MD5: 88bdb23b149b5393f12476f56fe4757c

Summary

This release fixes the semantics of operator[] for JSON Pointers (see below). This fix is backwards compatible.

Changes

  • operator[] for JSON Pointers now behaves like the other versions of operator[] and transforms null values into objects or arrays if required. This allows to created nested structues like j["/foo/bar/2"] = 17 (yielding {"foo": "bar": [null, null, 17]}) without problems.
  • overworked a helper SFINAE function
  • fixed some documentation issues
  • fixed the CMake files to allow to run the test suite outside the main project directory
  • restored test coverage to 100%.

Downloads

JSON for Modern C++ Version 2.0.5

@nlohmann nlohmann released this Sep 14, 2016 · 255 commits to develop since this release

  • Release date: 2016-09-14
  • MD5: 5b49db78eae28ce5faf84cfc2e6c97fa

Summary

This release fixes a regression bug in the stream parser (function parse() and the <</>> operators). This fix is backwards compatible.

Changes

  • Bug fix: The end of a file stream was not detected properly which led to parse errors. This bug should have been fixed with 2.0.4, but there was still a flaw in the code.

Downloads

JSON for Modern C++ Version 2.0.4

@nlohmann nlohmann released this Sep 11, 2016 · 261 commits to develop since this release

  • Release date: 2016-09-11
  • MD5: ed4af3d098c8c0d8d483cabc7836d2c7

Summary

This release fixes a bug in the stream parser (function parse() and the <</>> operators). This fix is backwards compatible.

Changes

  • Bug fix: The end of a file stream was not detected properly which led to parse errors.
  • Fixed a compiler warning about an unused variable.

Downloads

JSON for Modern C++ Version 2.0.3

@nlohmann nlohmann released this Aug 31, 2016 · 273 commits to develop since this release

  • Release date: 2016-08-31
  • MD5: f5fccaee572fe8f20a25feb969c21f8c

Summary

This release combines a lot of small fixes and improvements. The release is backwards compatible.

Changes

  • The parser/deserialization functions have been generalized to process any contiguous sequence of 1-byte elements (e.g., char, unsigned char, uint8_t). This includes all kind of string representations (string literals, char arrays, std::string, const char*), contiguous containers (C-style arrays, std::vector, std::array, std::valarray, std::initializer_list). User-defined containers providing random-access iterator access via std::begin and std::end can be used as well. See the documentation (1, 2, 3, 4) for more information. Note that contiguous storage cannot be checked at compile time; if any of the parse functions are called with a noncompliant container, the behavior is undefined and will most likely yield segmentation violation. The preconditions are enforced by an assertion unless the library is compiled with preprocessor symbol NDEBUG.
  • As a general remark on assertions: The library uses assertions to preclude undefined behavior. A prominent example for this is the operator[] for const JSON objects. The behavior of this const version of the operator is undefined if the given key does not exist in the JSON object, because unlike the non-const version, it cannot add a null value at the given key. Assertions can be switched of by defining the preprocessor symbol NDEBUG. See the documentation of assert for more information.
  • In the course of cleaning up the parser/deserialization functions, the constructor basic_json(std::istream&, const parser_callback_t) has been deprecated and will be deleted with the next major release 3.0.0 to unify the interface of the library. Deserialization will be done by stream operators or by calling one of the parse functions. That is, calls like json j(i); for an input stream i need to be replaced by json j = json::parse(i);. Compilers will produce a deprecation warning if client code uses this function.
  • Minor improvements:
    • Improved the performance of the serialization by avoiding the re-creation of a locale object.
    • Fixed two MSVC warnings. Compiling the test suite with /Wall now only warns about non-inlined functions (C4710) and the deprecation of the constructor from input-stream (C4996).
  • Some project internals:
    • The project has qualified for the Core Infrastructure Initiative Best Practices Badge. While most requirements where already satisfied, some led to a more explicit documentation of quality-ensuring procedures. For instance, static analysis is now executed with every commit on the build server. Furthermore, the contribution guidelines document how to communicate security issues privately.
    • The test suite has been overworked and split into several files to allow for faster compilation and analysis. The execute the test suite, simply execute make check.
    • The continuous integration with Travis was extended with Clang versions 3.6.0 to 3.8.1 and now includes 18 different compiler/OS combinations.
    • An 11-day run of American fuzzy lop checked 962 million inputs on the parser and found no issue.

Downloads

JSON for Modern C++ Version 2.0.2

@nlohmann nlohmann released this Jul 31, 2016 · 361 commits to develop since this release

  • Release date: 2016-07-31
  • MD5: ee7821cfae39a98e81f4afaff8de3712

Summary

This release combines a lot of small fixes and improvements. The release is backwards compatible.

Changes

  • The parser has been overworked, and a lot of small issues have been fixed:
    • Improved parser performance by avoiding recursion and using move semantics for the return value.
    • Unescaped control charaters \x10-\x1f are not accepted any more.
    • Fixed a bug in the parser when reading from an input stream.
    • Improved test case coverage for UTF-8 parsing: now, all valid Unicode code points are tested both escaped and unescaped.
    • The precision of output streams is now preserved by the parser.
  • Started to check the code correctness by proving termination of important loops. Furthermore, individual assertions have been replaced by a more systematic function which checks the class invariants. Note that assertions should be switched off in production by defining the preprocessor macro NDEBUG, see the documentation of assert.
  • A lot of code cleanup: removed unused headers, fixed some compiler warnings, and fixed a build error for Windows-based Clang builds.
  • Added some compile-time checks:
    • Unsupported compilers are rejected during compilation with an #error command.
    • Static assertion prohibits code with incompatible pointer types used in get_ptr().
  • Improved the documentation, and adjusted the documentation script to choose the correct version of sed.
  • Replaced a lot of "raw loops" by STL functions like std::all_of, std::for_each, or std::accumulate. This facilitates reasoning about termination of loops and sometimes allowed to simplify functions to a single return statement.
  • Implemented a value() function for JSON pointers (similar to at function).
  • The Homebrew formula (see Integration) is now tested for all Xcode builds (6.1 - 8.x) with Travis.
  • Avoided output to std::cout in the test cases.

Downloads

JSON for Modern C++ Version 2.0.1

@nlohmann nlohmann released this Jun 28, 2016 · 417 commits to develop since this release

  • Release date: 2016-06-28
  • MD5: 87a37c378bc62346a371cc81fa2dc837

Summary

This release fixes a performance regression in the JSON serialization (function dump()). This fix is backwards compatible.

Changes

  • The locale of the output stream (or the internal string stream if a JSON value is serialized to a string) is now adjusted once for the whole serialization instead of for each floating-point number.
  • The locale of an output stream is now correctly reset to the previous value by the JSON library.

Downloads