PJ Fanning created DRILL-8415:
---------------------------------
Summary: Jackson 2.15
Key: DRILL-8415
URL: https://issues.apache.org/jira/browse/DRILL-8415
Project: Apache Drill
Issue Type: Improvement
Reporter: PJ Fanning
I'm not advocating for an upgrade to [Jackson
2.15|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15].
2.15.0-rc1 has just been released and 2.15.0 should be out soon.
There are some security focused enhancements including a new class called
StreamReadConstraints. The defaults on
[StreamReadConstraints|https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html]
are pretty high but it is not inconceivable that some Drill users might need
to relax them. Parsing large strings as numbers is sub-quadratic, thus the
default limit of 1000 chars or bytes (depending on input context).
When the Drill team consider upgrading to Jackson 2.15 or above, you might also
want to consider adding some way for users to configure the
StreamReadConstraints.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
