#3305 - fix default CharSequence serialization #3332

Closed

@seregamorph commented Nov 23, 2021

Fixes #3305 and #3331 (dup).

* Helper method that will remove all properties that are added by default JDK methods,
* e.g. java.lang.CharSequence.isEmpty() (since JDK 15).
*/
private void removeDefaultProperties(List<BeanPropertyWriter> properties)
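
Review bot: the Javadoc on removeDefaultProperties gives a single example (java.lang.CharSequence.isEmpty()) but does not state how a property is recognised as coming from a default JDK method, and the signature (void return, List<BeanPropertyWriter> argument) implies the list is modified in place without saying so. Suggest documenting the matching criterion and the in-place mutation in the comment so later JDK default methods can be checked against it.
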
Author

I'm not quite sure about the policy with new protected methods, so I minimized the visibility for the first iteration.

@cowtowncoder
Member

Thank you @seregamorph! I think the idea of the fix is sound -- I may want to tweak details a bit, but this makes sense to me. I'll add this on my TODO list: lately my time on Jackson has been severely limited and so it may take a while to get this processed, but I wanted to add a note that it is on my radar.

@seregamorph changed the title from "#3331 - fix default CharSequence serialization" to "#3305 - fix default CharSequence serialization" Nov 23, 2021

@seregamorph
Author

Sure, thanks.

@seregamorph
Author

@cowtowncoder I have a feeling that you plan to release the version soon with CVE. Can you please include this fix as well? We need it in our project. Thanks

@cowtowncoder
Member

@seregamorph Yes, I will definitely get this fix included first. It is next one on my list.

@cowtowncoder
Member

Thank you @seregamorph! I used this approach, only changing some minor details (after checking if there might be other places to get rid of the property, finding no better one) -- thank you for suggesting the fix. I'll close the PR; fix will go in 2.13.1, which should be released some time this month (December 2021).

@seregamorph
Author

@cowtowncoder great, thanks!
Two questions:

  1. Do you plan to backport it to 2.12.x as well? There is at least one good reason for it - spring-boot 2.5.7 depends on jackson 2.12.5 and at the same time spring-boot 2.5 is compatible with JDK 17. 2.5.x will probably be yet updated and I don't think they will do major version upgrade in scope of 2.5.x.
  2. I'd recommend including the test that I made as well (or something like it); in the future it can prevent possible regression.

@cowtowncoder
Member

I wasn't thinking of backporting, but maybe I should. Hard to gauge how important the fix is, vs. any potential regression.

As to test, yes, I added it, I think under src/test-jdk14. Although I realize now that it need not actually go there as it does not actually need more recent jdks (jdk14 just happened to already exist).

@cowtowncoder
Member

Patch was included in:

  • 2.13.1
  • 2.12.6

@seregamorph deleted the fix-charsequence-serialize branch July 8, 2023 10:06