Loop in szuj...@hotmail.com <mailto:szuj...@hotmail.com>
I also found this email in Fastjson community. > 下面是被转发的邮件: > > 发件人: liujun <liu...@apache.org <mailto:liu...@apache.org>> > 主题: 回复:[Proposal] Support FASTJSON 2.0 and replace Hessian with FASTJSON 2.0 > as default serialization protocol > 日期: 2022年6月21日 GMT+8 上午10:31:33 > 收件人: "dev@dubbo.apache.org <mailto:dev@dubbo.apache.org>" > <dev@dubbo.apache.org <mailto:dev@dubbo.apache.org>> > 抄送: shaojin.we...@alibaba-inc.com <mailto:shaojin.we...@alibaba-inc.com> > > I think it is very meaningful to discuss about the long-term supporting or > default serialization protocol of Dubbo3. We are facing many difficulties in > Hessian (low community activity and high cost of cross language support, > etc.). So I don't think we are able to maintain Hessian for a long time. > > Fortunately, the serialization protocol in Dubbo can be flexibly extended. I > think it’s a good idea to add the Fastjson2 as an extension. If it proves to > be good enough, we can even consider it as the default serialization protocol > in the future. But the migration of the serialization protocol is not a > simple thing. We need to think about how to reduce the cost on the user’s > side. > > For Fastjson2, I think we need to further evaluate it by focusing on the > following points: > > * Security consideration of both protocol design and implementation > * Community activity level, whether or not it will receive long-term support > * Current situation and plan of multilingual support > * Java specific issues: support of ahead-of-time compilation supported by > tools like GraalVM, support of jdk17, etc. > > Regards, > Jun > >> 2022年6月16日 下午3:34,Albumen Kevin <album...@apache.org >> <mailto:album...@apache.org>> 写道: >> >> Hello Dubbo Community, >> >> FASTJSON 2.0 is an important upgrade of the FASTJSON project. The goal is >> to provide a high-performance JSON library for the next decade. The same >> API supports both JSON/JSONB protocols. JSONPath is a first-class citizen, >> supporting full parsing and partial parsing, and supporting Java Server, >> client Android, big data scenarios. The current default serialization >> protocol of Dubbo is the Hessian protocol, which is unmaintained for a long >> time and cannot guarantee future security and compatibility. Therefore, >> Dubbo provides FASTJSON 2.0 serialization protocol support to solve the >> existing problems, and whether we can consider replacing Dubbo's default >> serialization protocol with FASTJSON 2.0. >> >> # Advantage >> >> 1. When FASTJSON 2.0 is used as a common tool class, autotype has been >> disabled by default, and the default is safe. >> 2. The performance of FASTJSON 2.0 has been greatly improved. The >> performance is very excellent. Compared with Hessian, the performance has >> been greatly improved. In terms of network transmission, the JSONB protocol >> has greater data compression than Hessian for complex objects. >> 3. FASTJSON 2.0 In the RPC scenario, after the autotype function is turned >> on, a relatively complete serialization function can be realized, and it >> can cover the scenarios supported by Hessian (same as Hessian, JDK >> serialization, etc., in the RPC scenario, it is unavoidable to have any >> reverses. Serialization problem, we need to explore a set of mechanisms in >> the future to ensure communication security) >> 4. FASTJSON 2.0 natively supports JDK 17, and Dubbo can run normally under >> JDK 17 without adding any special configuration >> 5. FASTJSON 2.0 supports GraalVM Native-Image, JDK14 Record, etc. >> >> FASTJSON 2.0 是 FASTJSON 项目的重要升级,目标是为下一个十年提供一个高性能的 JSON 库,同一套 API 支持 JSON / >> JSONB 两种协议,JSONPath 是一等公民,支持全量解析和部分解析,支持 Java 服务端、客户端 Android、大数据场景。而 Dubbo >> 当前的默认序列化协议为 Hessian 协议,存在长时间无人维护的问题,无法为未来的安全性以及兼容性做保障。因此,Dubbo 提供 FASTJSON >> 2.0 的序列化协议支持能解决现有的问题,并在我们是否可以考虑 Dubbo 的默认序列化协议替换为 FASTJSON 2.0。 >> >> # 优势 >> >> 1. FASTJSON 2.0 作为普通工具类的时候已经在缺省情况下禁用 autotype ,缺省是安全的。 >> 2. FASTJSON 2.0 性能有了很大提升,性能非常卓越,较 Hessian 有较大的性能提升,网络传输方面 JSONB 协议较 Hessian >> 在复杂对象下有较大的数据压缩 >> 3. FASTJSON 2.0 在 RPC 场景下,打开 autotype 功能后,能够实现比较完整的序列化的功能,能够覆盖 Hessian >> 所支持的场景(和 Hessian、JDK 序列化等一样,在 RPC 场景下无法避免存在任意反序列化问题,未来需要探索一套机制来保障通信安全) >> 4. FASTJSON 2.0 原生支持 JDK 17,Dubbo 可以在不添加任何特殊配置的情况下正常运行在 JDK 17 下 >> 5. FASTJSON 2.0 支持 GraalVM Native-Image、JDK14 Record 等 >> >> Thanks, >> Albumen Kevin >
