[jira] [Commented] (AVRO-3819) [Java] Rationalize the system properties that limit allocation
[ https://issues.apache.org/jira/browse/AVRO-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17756243#comment-17756243 ] ASF subversion and git services commented on AVRO-3819: --- Commit e2e57aac2d03589c14a3298be95f78481d8b4d51 in avro's branch refs/heads/branch-1.11 from Ryan Skraba [ https://gitbox.apache.org/repos/asf?p=avro.git;h=e2e57aac2 ] AVRO-3819: Centralize system properties that limit allocations (#2432) > [Java] Rationalize the system properties that limit allocation > -- > > Key: AVRO-3819 > URL: https://issues.apache.org/jira/browse/AVRO-3819 > Project: Apache Avro > Issue Type: Bug > Components: java >Reporter: Ryan Skraba >Assignee: Ryan Skraba >Priority: Major > Labels: pull-request-available > Fix For: 1.11.3 > > Time Spent: 1h > Remaining Estimate: 0h > > There are currently some system properties that limit datum allocation size: > * org.apache.avro.limits.byte.maxLength > * org.apache.avro.limits.string.maxLength > These are hidden in two different classes (Utf8 and BinaryDecoder). It would > make sense to centralize them in one place to make it clearer how to limit > the damage untrusted data could do while deserializing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (AVRO-3819) [Java] Rationalize the system properties that limit allocation
[ https://issues.apache.org/jira/browse/AVRO-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17756239#comment-17756239 ] ASF subversion and git services commented on AVRO-3819: --- Commit a12a7e44ddbe060c3dc731863cad5c15f9267828 in avro's branch refs/heads/master from Ryan Skraba [ https://gitbox.apache.org/repos/asf?p=avro.git;h=a12a7e44d ] AVRO-3819: Centralize system properties that limit allocations (#2432) > [Java] Rationalize the system properties that limit allocation > -- > > Key: AVRO-3819 > URL: https://issues.apache.org/jira/browse/AVRO-3819 > Project: Apache Avro > Issue Type: Bug > Components: java >Reporter: Ryan Skraba >Assignee: Ryan Skraba >Priority: Major > Labels: pull-request-available > Fix For: 1.11.3 > > Time Spent: 50m > Remaining Estimate: 0h > > There are currently some system properties that limit datum allocation size: > * org.apache.avro.limits.byte.maxLength > * org.apache.avro.limits.string.maxLength > These are hidden in two different classes (Utf8 and BinaryDecoder). It would > make sense to centralize them in one place to make it clearer how to limit > the damage untrusted data could do while deserializing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
