Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-8415

Upgrade Jackson 2.14.3 → 2.16.1

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.21.1
    • 1.21.2
    • None
    • None

    Description

      I'm not advocating for an upgrade to Jackson 2.15. 2.15.0-rc1 has just been released and 2.15.0 should be out soon.

      There are some security focused enhancements including a new class called StreamReadConstraints. The defaults on StreamReadConstraints are pretty high but it is not inconceivable that some Drill users might need to relax them. Parsing large strings as numbers is sub-quadratic, thus the default limit of 1000 chars or bytes (depending on input context).

      When the Drill team consider upgrading to Jackson 2.15 or above, you might also want to consider adding some way for users to configure the StreamReadConstraints.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              pj.fanning PJ Fanning
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: