Skip to content

1.3.5
Compare
Choose a tag to compare
@jrudolph jrudolph released this 08 Nov 13:24
· 48 commits to master since this release
v1.3.5
This tag was signed with the committer’s verified signature.
jrudolph Johannes Rudolph
GPG key ID: 4D293A24CCD39E19
Learn about vigilant mode.
bfaf245
This commit was signed with the committer’s verified signature.
jrudolph Johannes Rudolph
GPG key ID: 4D293A24CCD39E19
Learn about vigilant mode.

See the milestone for all changes.

Security fix for several Denial Of Service vulnerabilities:

Thanks, Andriy Plokhotnyuk who brought the first two issues to our attention.

Migration Notes

For some fixes, we added new limits to the parser:

  • Maximum depth of nested JSON values, defaults to 1000
  • Maximum characters for number values, defaults to 100

We introduced a JsonParserSettings class which can be used to customize these limits. New overloads for JsonParser.apply and String.parseJson have been introduced to specify custom settings.

Also, field ordering changed when printing a JsValue. Use jsValue.sortedPrint if you want to be sure fields are always ordered the same.

Assets 2
Loading