JSON for Modern C++ Version 2.0.10

• Release date: 2017-01-02
• SHA-256: ec27d4e74e9ce0f78066389a70724afd07f10761009322dc020656704ad5296d

Summary

This release fixes several security-relevant bugs in the MessagePack and CBOR parsers. The fixes are backwards compatible.

Changes

• 🐛 Fixed a lot of bugs in the CBOR and MesssagePack parsers. These bugs occurred if invalid input was parsed and then could lead in buffer overflows. These bugs were found with Google's OSS-Fuzz, see #405, #407, #408, #409, #411, and #412 for more information.
• 👷 We now also use the Doozer continuous integration platform.
• 👷 The complete test suite is now also run with Clang's address sanitizer and undefined-behavior sanitizer.
• ✅ Overworked fuzz testing; CBOR and MessagePack implementations are now fuzz-tested. Furthermore, all fuzz tests now include a round trip which ensures created output can again be properly parsed and yields the same JSON value.
• 📝 Clarified documentation of find() function to always return end() when called on non-object value types.
• 🔨 Moved thirdparty test code to test/thirdparty directory.

JSON for Modern C++ Version 2.0.9

• Release date: 2016-12-16
• SHA-256: fbf3396f13e187d6c214c297bddc742d918ea9b55e10bfb3d9f458b9bfdc22e5

Summary

This release implements with CBOR and MessagePack two binary serialization/deserialization formats. It further contains some small fixes and improvements. The fixes are backwards compatible.

Changes

• ✨ The library can now read and write the binary formats CBOR (Concise Binary Object Representation) and MessagePack. Both formats are aimed to produce a very compact representation of JSON which can be parsed very efficiently. See the README file for more information and examples.
• 🔥 simplified the iteration implementation allowing to remove dozens of lines of code
• 🐛 fixed an integer overflow error detected by Google's OSS-Fuzz
• 🐛 suppressed documentation warnings inside the library to facilitate compilation with -Wdocumentation
• 🐛 fixed an overflow detection error in the number parser
• 📝 updated contribution guidelines to a list of frequentely asked features that will most likely be never added to the library
• 📝 added a table of contents to the README file to add some structure
• 📝 mentioned the many examples and the documentation in the README file
• 🔨 split unit tests into individual independent binaries to speed up compilation and testing
• ✅ the test suite now contains 11201886 tests

JSON for Modern C++ Version 2.0.8

• Release date: 2016-12-02
• SHA-256: b70db0ad34f8e0e61dc3f0cbab88099336c9674c193d8a3439d93d6aca2d7120

Summary

This release combines a lot of small fixes and improvements. The fixes are backwards compatible.

Changes

• 🐛 fixed a bug that froze the parser if a passed file was not found (now, std::invalid_argument is thrown)
• 🐛 fixed a bug that lead to an error of a file at EOF was parsed again (now, std::invalid_argument is thrown)
• ✨ the well known functions emplace and emplace_back have been added to JSON values and work as expected
• ⚡ improved the performance of the serialization (dump function)
• ⚡ improved the performance of the deserialization (parser)
• 👷 some continuous integration images at Travis were added and retired; see here for the current continuous integration setup
• 👷 the Coverity scan works again
• 📈 the benchmarking code has been improved to produce more stable results
• 📝 the README file has been extended and includes more frequently asked examples
• ✅ the test suite now contains 8905518 tests
• ⬆️ updated Catch to version 1.5.8

JSON for Modern C++ Version 2.0.7

• Release date: 2016-11-02
• SHA-256: 5545c323670f8165bae90b9dc6078825e86ec310d96cc4e5b47233ea43715bbf

Summary

This release fixes a few bugs in the JSON parser found in the Parsing JSON is a Minefield 💣 article. The fixes are backwards compatible.

Changes

• The article Parsing JSON is a Minefield 💣 discusses a lot of pitfalls of the JSON specification. When investigating the published test cases, a few bugs in the library were found and fixed:
  • Files with less than 5 bytes can now be parsed without error.
  • The library now properly rejects any file encoding other than UTF-8. Furthermore, incorrect surrogate pairs are properly detected and rejected.
  • The library now accepts all but one "yes" test (y_string_utf16.json): UTF-16 is not supported.
  • The library rejects all but one "no" test (n_number_then_00.json): Null bytes are treated as end of file instead of an error. This allows to parse input from null-terminated strings.
• The string length passed to a user-defined string literal is now exploited to choose a more efficient constructor.
• A few grammar mistakes in the README file have been fixed.

JSON for Modern C++ Version 2.0.6

• Release date: 2016-10-15
• SHA256: 459cc93d5e2f503e50c6d5876eb86bfea7daf405f5a567c5a2c9abc2383756ae

Summary

This release fixes the semantics of operator[] for JSON Pointers (see below). This fix is backwards compatible.

Changes

• operator[] for JSON Pointers now behaves like the other versions of operator[] and transforms null values into objects or arrays if required. This allows to created nested structues like j["/foo/bar/2"] = 17 (yielding {"foo": "bar": [null, null, 17]}) without problems.
• overworked a helper SFINAE function
• fixed some documentation issues
• fixed the CMake files to allow to run the test suite outside the main project directory
• restored test coverage to 100%.

JSON for Modern C++ Version 2.0.5

• Release date: 2016-09-14
• SHA-256: 8b7565263a44e2b7d3b89808bc73d2d639037ff0c1f379e3d56dbd77e00b98d9

Summary

This release fixes a regression bug in the stream parser (function parse() and the <</>> operators). This fix is backwards compatible.

Changes

• Bug fix: The end of a file stream was not detected properly which led to parse errors. This bug should have been fixed with 2.0.4, but there was still a flaw in the code.

JSON for Modern C++ Version 2.0.4

• Release date: 2016-09-11
• SHA-256: 632ceec4c25c4e2153f71470d3a2b992c8355f6d8b4d627d05dd16095cd3aeda

Summary

This release fixes a bug in the stream parser (function parse() and the <</>> operators). This fix is backwards compatible.

Changes

• Bug fix: The end of a file stream was not detected properly which led to parse errors.
• Fixed a compiler warning about an unused variable.

JSON for Modern C++ Version 2.0.3

• Release date: 2016-08-31
• SHA-256: 535b73efe5546fde9e763c14aeadfc7b58183c0b3cd43c29741025aba6cf6bd3

Summary

This release combines a lot of small fixes and improvements. The release is backwards compatible.

Changes

• The parser/deserialization functions have been generalized to process any contiguous sequence of 1-byte elements (e.g., char, unsigned char, uint8_t). This includes all kind of string representations (string literals, char arrays, std::string, const char*), contiguous containers (C-style arrays, std::vector, std::array, std::valarray, std::initializer_list). User-defined containers providing random-access iterator access via std::begin and std::end can be used as well. See the documentation (1, 2, 3, 4) for more information. Note that contiguous storage cannot be checked at compile time; if any of the parse functions are called with a noncompliant container, the behavior is undefined and will most likely yield segmentation violation. The preconditions are enforced by an assertion unless the library is compiled with preprocessor symbol NDEBUG.
• As a general remark on assertions: The library uses assertions to preclude undefined behavior. A prominent example for this is the operator[] for const JSON objects. The behavior of this const version of the operator is undefined if the given key does not exist in the JSON object, because unlike the non-const version, it cannot add a null value at the given key. Assertions can be switched of by defining the preprocessor symbol NDEBUG. See the documentation of assert for more information.
• In the course of cleaning up the parser/deserialization functions, the constructor basic_json(std::istream&, const parser_callback_t) has been deprecated and will be deleted with the next major release 3.0.0 to unify the interface of the library. Deserialization will be done by stream operators or by calling one of the parse functions. That is, calls like json j(i); for an input stream i need to be replaced by json j = json::parse(i);. Compilers will produce a deprecation warning if client code uses this function.
• Minor improvements:
  • Improved the performance of the serialization by avoiding the re-creation of a locale object.
  • Fixed two MSVC warnings. Compiling the test suite with /Wall now only warns about non-inlined functions (C4710) and the deprecation of the constructor from input-stream (C4996).
• Some project internals:
  • The project has qualified for the Core Infrastructure Initiative Best Practices Badge. While most requirements where already satisfied, some led to a more explicit documentation of quality-ensuring procedures. For instance, static analysis is now executed with every commit on the build server. Furthermore, the contribution guidelines document how to communicate security issues privately.
  • The test suite has been overworked and split into several files to allow for faster compilation and analysis. The execute the test suite, simply execute make check.
  • The continuous integration with Travis was extended with Clang versions 3.6.0 to 3.8.1 and now includes 18 different compiler/OS combinations.
  • An 11-day run of American fuzzy lop checked 962 million inputs on the parser and found no issue.

JSON for Modern C++ Version 2.0.2

• Release date: 2016-07-31
• SHA-256: 8e97b7965b4594b00998d6704465412360e1a0ed927badb51ded8b82291a8f3d

Summary

This release combines a lot of small fixes and improvements. The release is backwards compatible.

Changes

• The parser has been overworked, and a lot of small issues have been fixed:
  • Improved parser performance by avoiding recursion and using move semantics for the return value.
  • Unescaped control charaters \x10-\x1f are not accepted any more.
  • Fixed a bug in the parser when reading from an input stream.
  • Improved test case coverage for UTF-8 parsing: now, all valid Unicode code points are tested both escaped and unescaped.
  • The precision of output streams is now preserved by the parser.
• Started to check the code correctness by proving termination of important loops. Furthermore, individual assertions have been replaced by a more systematic function which checks the class invariants. Note that assertions should be switched off in production by defining the preprocessor macro NDEBUG, see the documentation of assert.
• A lot of code cleanup: removed unused headers, fixed some compiler warnings, and fixed a build error for Windows-based Clang builds.
• Added some compile-time checks:
  • Unsupported compilers are rejected during compilation with an #error command.
  • Static assertion prohibits code with incompatible pointer types used in get_ptr().
• Improved the documentation, and adjusted the documentation script to choose the correct version of sed.
• Replaced a lot of "raw loops" by STL functions like std::all_of, std::for_each, or std::accumulate. This facilitates reasoning about termination of loops and sometimes allowed to simplify functions to a single return statement.
• Implemented a value() function for JSON pointers (similar to at function).
• The Homebrew formula (see Integration) is now tested for all Xcode builds (6.1 - 8.x) with Travis.
• Avoided output to std::cout in the test cases.

JSON for Modern C++ Version 2.0.1

• Release date: 2016-06-28
• SHA-256: ef550fcd7df572555bf068e9ec4e9d3b9e4cdd441cecb0dcea9ea7fd313f72dd

Summary

This release fixes a performance regression in the JSON serialization (function dump()). This fix is backwards compatible.

Changes

• The locale of the output stream (or the internal string stream if a JSON value is serialized to a string) is now adjusted once for the whole serialization instead of for each floating-point number.
• The locale of an output stream is now correctly reset to the previous value by the JSON library.