Comments (9)
Thanks for your reply, let me take a look this weekend.
from json-smart-v2.
I guess the limitation was done due to this CVE; the error was found under JFrog.
So it seems to be necessary; however, a patch version upgrade would not be sufficient for this breaking change, imho.
This is also related to issue #132.
from json-smart-v2.
I think #133 can close this issue. Feel free to reopen it.
from json-smart-v2.
As I agree that 400 should be enough depth, the argument still stands.
Shouldn't there be an option to override this default value?
from json-smart-v2.
@ColdFireIce I think it was hard-coded to fix security problems. It's reasonable for users to override this default value.
from json-smart-v2.
@ColdFireIce Since depth 400 is enough for most scenarios, and now we only have one int param (permissive), I believe it can be scheduled in a future version.
from json-smart-v2.
V2.4.10 is released.
Waiting for confirmation before closing the issue.
from json-smart-v2.
Thank you for the release. But this issue does not relate to the problem in #132.
This issue asks for a future feature to override the default value for the call-depth.
from json-smart-v2.
Okay, please provide me a case where anyone needs more than 400 call-depth.
If you find one, we can add an argument to customize this limit.
from json-smart-v2.
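The thread above turns on a hard-coded nesting limit of 400 and whether callers should be able to choose their own. As an added example (not code from json-smart or from any commenter), the following sketch shows a caller-side pre-check with a configurable limit that runs before the text reaches any parser; the class and method names are hypothetical, and it assumes strict JSON with double-quoted strings.

```java
import java.util.Collections;

// Added example: caller-side nesting check with a configurable limit.
// JsonDepthGuard, exceedsDepth and requireDepthAtMost are hypothetical names.
public class JsonDepthGuard {

    /** True as soon as the nesting of {} and [] goes past limit; stops scanning at that point. */
    static boolean exceedsDepth(String json, int limit) {
        int depth = 0;
        boolean inString = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') i++;                   // skip the escaped character
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;                      // brackets inside strings are not nesting
            } else if (c == '{' || c == '[') {
                if (++depth > limit) return true;     // bail out early, no recursion involved
            } else if ((c == '}' || c == ']') && depth > 0) {
                depth--;                              // unbalanced input is left for the parser to reject
            }
        }
        return false;
    }

    static void requireDepthAtMost(String json, int limit) {
        if (exceedsDepth(json, limit))
            throw new IllegalArgumentException("JSON nesting exceeds limit " + limit);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String flat = "{\"note\":\"[[[[ not nesting ]]]]\",\"v\":[1,{\"a\":[]}]}";
        String deep = String.join("", Collections.nCopies(1000, "["))
                    + String.join("", Collections.nCopies(1000, "]"));

        requireDepthAtMost(flat, 400);                // passes: real nesting is shallow
        System.out.println("flat accepted");
        try {
            requireDepthAtMost(deep, 400);            // same limit as the value discussed above
        } catch (IllegalArgumentException e) {
            System.out.println("deep rejected: " + e.getMessage());
        }
        System.out.println("deep under a caller-chosen limit of 2000: "
                + (exceedsDepth(deep, 2000) ? "rejected" : "accepted"));
    }
}
```

A check like this only lets a caller apply a stricter limit than the parser's own; it does not raise the parser's built-in limit, and a parser run in a permissive mode that accepts other string quoting needs a scanner that matches that grammar.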
Related Issues (20)
- Integrating json-smart-v2 into OSS-Fuzz
- 2.4.9 breaks JSON parser
- CVE-2023-1370 CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
- Accessors-smart is being reported against CVE-2023-1370
- net.minidev.json.parser.ParseException: Malicious payload, having non natural depths.
- can suport graalvm-native?
- Lacking org.hamcrest.Matcher helpers to perform assertion in unit tests
- JSONObject.merge blocks overwriting
- Unpack dependencies is failing: Negative time
- Parsing partial and incomplete JSON without error
- Maintain the precision of a decimal number.
- ArrayIndexOutOfBoundsException in parser
- Parent pom for 2.4.4 missing in Maven Central
- support latest asm in accessor-smart
- Unicode characters are not correctly parsed from byte[] if default charset is not UTF-8
- Signing key is not published
- !!!URGENT!!! Upgrading to json-smart 2.4.5 causes missing dependency `net.minidev:accessors-smart:jar:2.4.3`
- Java record support
- Add a constructor with size parameter on JSONArray and JSONObject classes