[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-08 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804258#comment-17804258 ]

ASF GitHub Bot commented on DRILL-8415:
---

jnturton merged PR #2866:
URL: https://github.com/apache/drill/pull/2866




> Upgrade Jackson 2.14.3 → 2.16.1
> ---
>
> Key: DRILL-8415
> URL: https://issues.apache.org/jira/browse/DRILL-8415
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.21.1
> Reporter: PJ Fanning
> Priority: Major
> Fix For: 1.22.0
>
>
> I'm not advocating for an upgrade to [Jackson 
> 2.15|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15]. 
> 2.15.0-rc1 has just been released and 2.15.0 should be out soon.
> There are some security focused enhancements including a new class called 
> StreamReadConstraints. The defaults on 
> [StreamReadConstraints|https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html]
>  are pretty high but it is not inconceivable that some Drill users might need 
> to relax them. Parsing large strings as numbers is sub-quadratic, thus the 
> default limit of 1000 chars or bytes (depending on input context).
> When the Drill team consider upgrading to Jackson 2.15 or above, you might 
> also want to consider adding some way for users to configure the 
> StreamReadConstraints.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
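
The issue description quoted above mentions the default limit of 1000 chars on numbers and suggests giving users a way to configure StreamReadConstraints. The following is an added example, not code from Drill or from PR #2866, of setting that limit per `JsonFactory`; the class name, helper names and the 2000-character limit are assumptions, and it needs jackson-core 2.15 or later and Java 11 (for `String.repeat`).

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import java.io.IOException;

public class StreamReadConstraintsDemo {

  // Hypothetical helper: a factory whose number-length limit comes from
  // caller-supplied configuration rather than Jackson's default of 1000.
  static JsonFactory factoryWithMaxNumberLength(int maxNumberLength) {
    StreamReadConstraints constraints = StreamReadConstraints.builder()
        .maxNumberLength(maxNumberLength)
        .build();
    return JsonFactory.builder()
        .streamReadConstraints(constraints)
        .build();
  }

  // Tokenizes the whole document; returns false if a read constraint rejects it.
  static boolean accepts(JsonFactory factory, String json) throws IOException {
    try (JsonParser parser = factory.createParser(json)) {
      JsonToken token;
      while ((token = parser.nextToken()) != null) {
        if (token.isNumeric()) {
          parser.getNumberValue(); // force decoding of the number text
        }
      }
      return true;
    } catch (StreamConstraintsException e) {
      System.out.println("rejected: " + e.getMessage());
      return false;
    }
  }

  public static void main(String[] args) throws IOException {
    // Constructed input: one 1,500-digit integer, over the default limit.
    String json = "{\"n\": " + "9".repeat(1500) + "}";

    System.out.println("default factory: " + accepts(new JsonFactory(), json));
    System.out.println("limit 2000:      "
        + accepts(factoryWithMaxNumberLength(2000), json));
  }
}
```

A process-wide alternative is `StreamReadConstraints.overrideDefaultStreamReadConstraints(...)`, which changes the defaults for every factory created afterwards, so the per-factory form keeps a relaxed limit scoped to the one reader that needs it.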


[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-07 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804122#comment-17804122 ]

ASF GitHub Bot commented on DRILL-8415:
---

cgivre commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880409413

   > I haven't rebased this yet in case we decide to squash the WIP commits that were merged into master. Once a decision is made either way this can be rebased and a CI run obtained.
   
   I'm fine with leaving the WIP commits as long as we don't make a habit out of it. It's probably more of a hassle to undo the PR, squash the commits and re-merge them.






[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-07 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804121#comment-17804121 ]

ASF GitHub Bot commented on DRILL-8415:
---

jnturton commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880408041

   I haven't rebased this yet in case we decide to squash the WIP commits that 
were merged into master. Once a decision is made either way this can be rebased 
and a CI run obtained.






[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-07 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804120#comment-17804120 ]

ASF GitHub Bot commented on DRILL-8415:
---

cgivre commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880407190

   @jnturton This looks good however there is a merge conflict. Can you please resolve so that we can run the CI?






[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-07 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804119#comment-17804119 ]

ASF GitHub Bot commented on DRILL-8415:
---

jnturton commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1880406941

   I started adding configuration support for the new StreamReadConstraints, 
first globally and then just in the JSON reader, but I got stopped by a sense 
of YAGNI. It's hard to imagine someone who will need something beyond the 
default values in Jackson and more configuration is more complexity that users 
must contend with. So my opinion at this point is that we should only add that 
configurability if someone asks for it...






[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-03 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802102#comment-17802102 ]

ASF GitHub Bot commented on DRILL-8415:
---

Lceeba commented on PR #2866:
URL: https://github.com/apache/drill/pull/2866#issuecomment-1875133737

   Unsubscribe
   
   On Wed, 3 Jan, 2024, 13:41 James Turton, ***@***.***> wrote:
   
   > DRILL-8415: Upgrade Jackson 2.14.3 → 2.16.1
   >
   > Description
   >
   > The following should be investigated before merging.
   >
   > There are some security focused enhancements including a new class called
   > StreamReadConstraints. The defaults on StreamReadConstraints
   > are pretty high but it is not inconceivable that some Drill users might
   > need to relax them. Parsing large strings as numbers is sub-quadratic, thus
   > the default limit of 1000 chars or bytes (depending on input context).
   >
   > When the Drill team consider upgrading to Jackson 2.15 or above, you might
   > also want to consider adding some way for users to configure the
   > StreamReadConstraints.
   >
   > Documentation
   >
   > N/A
   >
   > Testing
   >
   > Unit tests pass.
   > --
   > You can view, comment on, or merge this pull request online at:
   >
   >   https://github.com/apache/drill/pull/2866
   >
   > Commit Summary
   >
   > - 827521f Upgrade Jackson 2.14.3 → 2.16.1.
   >
   > File Changes
   >
   > (1 file)
   >
   > - *M* pom.xml (2)
   >
   > Patch Links:
   >
   > - https://github.com/apache/drill/pull/2866.patch
   > - https://github.com/apache/drill/pull/2866.diff
   






[jira] [Commented] (DRILL-8415) Upgrade Jackson 2.14.3 → 2.16.1

2024-01-03 Thread ASF GitHub Bot (Jira)


[ https://issues.apache.org/jira/browse/DRILL-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802047#comment-17802047 ]

ASF GitHub Bot commented on DRILL-8415:
---

jnturton opened a new pull request, #2866:
URL: https://github.com/apache/drill/pull/2866

   # [DRILL-8415](https://issues.apache.org/jira/browse/DRILL-8415): Upgrade Jackson 2.14.3 → 2.16.1
   
   ## Description
   
   The following should be investigated before merging.
   
   > There are some security focused enhancements including a new class called StreamReadConstraints. The defaults on [StreamReadConstraints](https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html) are pretty high but it is not inconceivable that some Drill users might need to relax them. Parsing large strings as numbers is sub-quadratic, thus the default limit of 1000 chars or bytes (depending on input context).
   > 
   > When the Drill team consider upgrading to Jackson 2.15 or above, you might also want to consider adding some way for users to configure the StreamReadConstraints.
   
   ## Documentation
   N/A
   
   ## Testing
   Unit tests pass.
   



