jackson 2.16 support #564
jackson 2.16 support #564
Conversation
pjfanning
requested review from
mdedetrich,
He-Pin,
nvollmar,
jrudolph and
gmethvin
pjfanning
force-pushed
the
jackson-2.15
branch
from
c3d3add to
96aacd5
Compare
| # these defaults are the same as the defaults in `StreamReadConstraints` | ||
| max-nesting-depth = 1000 | ||
| max-number-length = 1000 | ||
| max-string-length = 20000000 |
There was a problem hiding this comment.
read.constraints {
max-nesting-depth = 1000
max-number-length = 1000
max-string-length = 20000000
}
Seems more clear
There was a problem hiding this comment.
I honestly don't think adding the word constraints to the config names here makes them any clearer. Config names need to balance descriptiveness with conciseness.
|
jackson 2.16.0 should be out soon and it has some more constraints - I will repurpose this PR to further update to jackson 2.16.0 and support the extra constraints |
pjfanning
force-pushed
the
jackson-2.15
branch
from
96aacd5 to
7e2d1a4
Compare
pjfanning
force-pushed
the
jackson-2.15
branch
from
b3732ba to
c3f0b7e
Compare
| .maxNumberLength(config.getInt("read.max-number-length")) | ||
| .maxStringLength(config.getInt("read.max-string-length")) | ||
| .maxNameLength(config.getInt("read.max-name-length")) | ||
| .maxDocumentLength(config.getLong("read.max-document-length")) |
There was a problem hiding this comment.
Do these configurations have default values, or users must specify the configuration?
There was a problem hiding this comment.
We ship reference conf with the defaults. Users can override the values by setting them in their own application.conf or application.json.
There was a problem hiding this comment.
This is how Akka/Pekko has always worked.
Update JacksonObjectMapperProvider.scala Update JacksonObjectMapperProvider.scala Update JacksonObjectMapperProvider.scala
pjfanning
force-pushed
the
jackson-2.15
branch
from
c3f0b7e to
cf2a742
Compare
|
@He-Pin @mdedetrich is this something we can merge into main branch? Jackson 2.16 has quite a bit of security hardening. |
|
@mdedetrich if we are getting close to creating an RC for the M1 of pekko 1.1.0, I would like to get this merged. |
|
Okay ill look at it in more detail tomorrow |
| max-name-length = 50000 | ||
| # max-document-length of -1 means unlimited | ||
| max-document-length = -1 | ||
| } |
see https://www.javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.16.0/com/fasterxml/jackson/core/StreamReadConstraints.html
Users who want this feature now can use these libs instead:
For Pekko 1.1, I still want to get this merged centrally.