[
https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804119#comment-17804119
]
ASF GitHub Bot commented on DRILL-8415:
---------------------------------------
jnturton commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880406941
I starting adding congifuration support for the new StreamReadConstraints,
first globally and then just in the JSON reader, but I got stopped by a sense
of YAGNI. It's hard to imagine someone who will need something beyond the
default values in Jackson and more configuration is more complexity that users
must contend with. So my opinion at this point is that we should only add that
configurability if someone asks for it...
> Upgrade Jackson 2.14.3 → 2.16.1
> -------------------------------
>
> Key: DRILL-8415
> URL: https://issues.apache.org/jira/browse/DRILL-8415
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.21.1
> Reporter: PJ Fanning
> Priority: Major
> Fix For: 1.22.0
>
>
> I'm not advocating for an upgrade to [Jackson
> 2.15|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15].
> 2.15.0-rc1 has just been released and 2.15.0 should be out soon.
> There are some security focused enhancements including a new class called
> StreamReadConstraints. The defaults on
> [StreamReadConstraints|https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html]
> are pretty high but it is not inconceivable that some Drill users might need
> to relax them. Parsing large strings as numbers is sub-quadratic, thus the
> default limit of 1000 chars or bytes (depending on input context).
> When the Drill team consider upgrading to Jackson 2.15 or above, you might
> also want to consider adding some way for users to configure the
> StreamReadConstraints.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
