Re: [PR] DRILL-8415: Upgrade Jackson 2.14.3 → 2.16.1 (drill)

Wed, 03 Jan 2024 02:19:37 -0800 


Lceeba commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1875133737

   Unsubscribe
   
   On Wed, 3 Jan, 2024, 13:41 James Turton, ***@***.***> wrote:
   
   > DRILL-8415 <https://issues.apache.org/jira/browse/DRILL-8415>: Upgrade
   > Jackson 2.14.3 → 2.16.1 Description
   >
   > The following should be investigated before merging.
   >
   > There are some security focused enhancements including a new class called
   > StreamReadConstraints. The defaults on StreamReadConstraints
   > 
<https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html>
   > are pretty high but it is not inconceivable that some Drill users might
   > need to relax them. Parsing large strings as numbers is sub-quadratic, thus
   > the default limit of 1000 chars or bytes (depending on input context).
   >
   > When the Drill team consider upgrading to Jackson 2.15 or above, you might
   > also want to consider adding some way for users to configure the
   > StreamReadConstraints.
   >
   > Documentation
   >
   > N/A
   > Testing
   >
   > Unit tests pass.
   > ------------------------------
   > You can view, comment on, or merge this pull request online at:
   >
   >   https://github.com/apache/drill/pull/2866
   > Commit Summary
   >
   >    - 827521f
   >    
<https://github.com/apache/drill/pull/2866/commits/827521f07f27f6d3bae47c41b057d5489e8106a1>
   >    Upgrade Jackson 2.14.3 → 2.16.1.
   >
   > File Changes
   >
   > (1 file <https://github.com/apache/drill/pull/2866/files>)
   >
   >    - *M* pom.xml
   >    
<https://github.com/apache/drill/pull/2866/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8>
   >    (2)
   >
   > Patch Links:
   >
   >    - https://github.com/apache/drill/pull/2866.patch
   >    - https://github.com/apache/drill/pull/2866.diff
   >
   > —
   > Reply to this email directly, view it on GitHub
   > <https://github.com/apache/drill/pull/2866>, or unsubscribe
   > 
<https://github.com/notifications/unsubscribe-auth/ACZFXPXLDZDST7EC5F5TWEDYMUHDDAVCNFSM6AAAAABBLB6LK2VHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3DGNBWGIZTCOA>
   > .
   > You are receiving this because you are subscribed to this thread.Message
   > ID: ***@***.***>
   >
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@drill.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to