[
https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804122#comment-17804122
]
ASF GitHub Bot commented on DRILL-8415:
---------------------------------------
cgivre commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880409413
> I haven't rebased this yet in case we decide to squash the WIP commits
that were merged into master. Once a decision is made either way this can be
rebased and a CI run obtained.
I'm fine with leaving the WIP commits as long as we don't make a habit out
of it. It's probably more of a hassle to undo the PR, squash the commits and
re-merge them.
> Upgrade Jackson 2.14.3 → 2.16.1
> -------------------------------
>
> Key: DRILL-8415
> URL: https://issues.apache.org/jira/browse/DRILL-8415
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.21.1
> Reporter: PJ Fanning
> Priority: Major
> Fix For: 1.22.0
>
>
> I'm not advocating for an upgrade to [Jackson
> 2.15|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15].
> 2.15.0-rc1 has just been released and 2.15.0 should be out soon.
> There are some security focused enhancements including a new class called
> StreamReadConstraints. The defaults on
> [StreamReadConstraints|https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html]
> are pretty high but it is not inconceivable that some Drill users might need
> to relax them. Parsing large strings as numbers is sub-quadratic, thus the
> default limit of 1000 chars or bytes (depending on input context).
> When the Drill team consider upgrading to Jackson 2.15 or above, you might
> also want to consider adding some way for users to configure the
> StreamReadConstraints.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
