jnturton opened a new pull request, #2866: URL: https://github.com/apache/drill/pull/2866
# [DRILL-8415](https://issues.apache.org/jira/browse/DRILL-8415): Upgrade Jackson 2.14.3 → 2.16.1 ## Description The following should be investigated before merging. > There are some security focused enhancements including a new class called StreamReadConstraints. The defaults on [StreamReadConstraints](https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html) are pretty high but it is not inconceivable that some Drill users might need to relax them. Parsing large strings as numbers is sub-quadratic, thus the default limit of 1000 chars or bytes (depending on input context). > > When the Drill team consider upgrading to Jackson 2.15 or above, you might also want to consider adding some way for users to configure the StreamReadConstraints. ## Documentation N/A ## Testing Unit tests pass. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@drill.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
