Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.21.1
-
None
-
None
Description
I'm not advocating for an upgrade to Jackson 2.15. 2.15.0-rc1 has just been released and 2.15.0 should be out soon.
There are some security focused enhancements including a new class called StreamReadConstraints. The defaults on StreamReadConstraints are pretty high but it is not inconceivable that some Drill users might need to relax them. Parsing large strings as numbers is sub-quadratic, thus the default limit of 1000 chars or bytes (depending on input context).
When the Drill team consider upgrading to Jackson 2.15 or above, you might also want to consider adding some way for users to configure the StreamReadConstraints.
Attachments
Issue Links
- is related to
-
DRILL-8429 Upgrade Jackson to 2.14.3
- Closed
-
DRILL-8430 Add factory method for creating Jackson ObjectMappers
- Closed