[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802102#comment-17802102 ]
ASF GitHub Bot commented on DRILL-8415:
---------------------------------------

Lceeba commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1875133737

Unsubscribe

On Wed, 3 Jan, 2024, 13:41 James Turton, ***@***.***> wrote:

> DRILL-8415 <https://issues.apache.org/jira/browse/DRILL-8415>: Upgrade
> Jackson 2.14.3 → 2.16.1
>
> Description
>
> The following should be investigated before merging.
>
> There are some security focused enhancements including a new class called
> StreamReadConstraints. The defaults on StreamReadConstraints
> <https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html>
> are pretty high but it is not inconceivable that some Drill users might
> need to relax them. Parsing large strings as numbers is sub-quadratic, thus
> the default limit of 1000 chars or bytes (depending on input context).
>
> When the Drill team consider upgrading to Jackson 2.15 or above, you might
> also want to consider adding some way for users to configure the
> StreamReadConstraints.
>
> Documentation
>
> N/A
>
> Testing
>
> Unit tests pass.
> ------------------------------
> You can view, comment on, or merge this pull request online at:
>
> https://github.com/apache/drill/pull/2866
>
> Commit Summary
>
> - 827521f
> <https://github.com/apache/drill/pull/2866/commits/827521f07f27f6d3bae47c41b057d5489e8106a1>
> Upgrade Jackson 2.14.3 → 2.16.1.
>
> File Changes
>
> (1 file <https://github.com/apache/drill/pull/2866/files>)
>
> - *M* pom.xml
> <https://github.com/apache/drill/pull/2866/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8>
> (2)
>
> Patch Links:
>
> - https://github.com/apache/drill/pull/2866.patch
> - https://github.com/apache/drill/pull/2866.diff


> Upgrade Jackson 2.14.3 → 2.16.1
> -------------------------------
>
>                 Key: DRILL-8415
>                 URL: https://issues.apache.org/jira/browse/DRILL-8415
>             Project: Apache Drill
>          Issue Type: Improvement
>   Affects Versions: 1.21.1
>            Reporter: PJ Fanning
>            Priority: Major
>             Fix For: 1.22.0
>
>
> I'm not advocating for an upgrade to [Jackson
> 2.15|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15].
> 2.15.0-rc1 has just been released and 2.15.0 should be out soon.
> There are some security focused enhancements including a new class called
> StreamReadConstraints. The defaults on
> [StreamReadConstraints|https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html]
> are pretty high but it is not inconceivable that some Drill users might need
> to relax them. Parsing large strings as numbers is sub-quadratic, thus the
> default limit of 1000 chars or bytes (depending on input context).
> When the Drill team consider upgrading to Jackson 2.15 or above, you might
> also want to consider adding some way for users to configure the
> StreamReadConstraints.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
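
One way to expose the StreamReadConstraints limits mentioned in the issue description to users, as an added example that is not part of the original message and not Drill's code. The `example.json.*` system property names and the class name are hypothetical; the code assumes Jackson 2.15 or later and Java 11 or later.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

public class ConstraintsExample {
  // Hypothetical property names for illustration; these are not Drill options.
  static final String MAX_NUMBER_LEN = "example.json.max_number_length";
  static final String MAX_STRING_LEN = "example.json.max_string_length";
  static final String MAX_DEPTH = "example.json.max_nesting_depth";

  /** Builds a mapper that keeps Jackson's default read limits unless a property overrides one. */
  static ObjectMapper mapperFromProperties() {
    StreamReadConstraints defaults = StreamReadConstraints.defaults();
    StreamReadConstraints constraints = StreamReadConstraints.builder()
        .maxNumberLength(Integer.getInteger(MAX_NUMBER_LEN, defaults.getMaxNumberLength()))
        .maxStringLength(Integer.getInteger(MAX_STRING_LEN, defaults.getMaxStringLength()))
        .maxNestingDepth(Integer.getInteger(MAX_DEPTH, defaults.getMaxNestingDepth()))
        .build();
    // The constraints are attached to the factory, so every parser it creates enforces them.
    JsonFactory factory = JsonFactory.builder()
        .streamReadConstraints(constraints)
        .build();
    return new ObjectMapper(factory);
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: a 1500-digit integer, longer than the default number-length limit of 1000.
    String doc = "{\"n\": " + "9".repeat(1500) + "}";

    try {
      mapperFromProperties().readTree(doc);
      System.out.println("default limits: parsed");
    } catch (StreamConstraintsException e) {
      System.out.println("default limits: rejected: " + e.getOriginalMessage());
    }

    // An operator raises only the limit that is actually needed; the others stay at their defaults.
    System.setProperty(MAX_NUMBER_LEN, "2000");
    JsonNode node = mapperFromProperties().readTree(doc);
    System.out.println("relaxed limit: parsed " + node.get("n").asText().length() + " digits");
  }
}
```

Setting the constraints per `JsonFactory` keeps a relaxed limit scoped to the readers that need it, rather than changing the process-wide defaults for every Jackson user in the JVM.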