Title: Bump com.alibaba:fastjson from 1.2.24 to 1.2.83 by dependabot[bot] · Pull Request #7 · vulnerable-code/java-sec-code · GitHub
Open Graph Title: Bump com.alibaba:fastjson from 1.2.24 to 1.2.83 by dependabot[bot] · Pull Request #7 · vulnerable-code/java-sec-code
X Title: Bump com.alibaba:fastjson from 1.2.24 to 1.2.83 by dependabot[bot] · Pull Request #7 · vulnerable-code/java-sec-code
Description: Bumps com.alibaba:fastjson from 1.2.24 to 1.2.83.
Release notes
Sourced from com.alibaba:fastjson's releases.
FASTJSON 1.2.83版本发布(安全修复)
这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjson用户尽快采取安全措施保障系统安全。
安全修复方案 :https://github.com/alibaba/fastjson/wiki/security_update_20220523
FASTJSON2已经发布并且提供兼容包,性能更好也更安全,升级指南 https://github.com/alibaba/fastjson2/wiki/fastjson_1_upgrade_cn
Issues
安全加固
修复JDK17下setAccessible报错的问题 #4077
下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/
文档 https://github.com/alibaba/fastjson/wiki/常见问题
源码 https://github.com/alibaba/fastjson/tree/1.2.83
2.0.x Releases https://github.com/alibaba/fastjson2/releases
fastjson 1.2.79版本发布,BUG修复
这又是一个bug fixed的版本,大家按需升级
Issues
修复引入MethodInheritanceComparator导致某些场景序列化报错的问题
增强JDK 9兼容
修复JSONArray/JSONObject的equals方法在内部对象map/list相同时不直接返回true的问题
相关链接
下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.79/
文档 https://github.com/alibaba/fastjson/wiki/常见问题
源码 https://github.com/alibaba/fastjson/tree/1.2.79
fastjson 1.2.76版本发布,BUG修复增强兼容
这又是一个bug fixed的版本,大家按需升级
Issues
修复一些直接抛RuntimeException的问题 #3631
parser自动识别gzip bytes #3614
修复Throwable继承类属性不支持自动类型转换问题 #3217
修复PrettyFormat情况下引用计算不对的问题 #3672
修复AutoType不兼容LinkedHashMap的问题
增强对Enum类型的自定类型转换
修复deserializeUsing在泛型某些场景不能正常工作的问题 #3693
提升JSONReader性能,减少小对象创建 #3627
增强对JSONPath对filter的支持 #3629
JSONPath支持忽略NullValue的选项 #3607
增强对定制化enum的支持 #3601
增强对java.time.Instant和org.joda.time.Instant的支持 #3539
修复Parser某些场景不能识别引用的问题
相关链接
下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.76/
文档 https://github.com/alibaba/fastjson/wiki/常见问题
... (truncated)
Commits
26f13f8 1.2.83
8f3410f bug fix for autotype
cd3c2de improved jdk8 java.time support
c63866e remove unused import
35db4ad bug fix for autoType
3f009e1 Merge pull request #4085 from hengyunabc/fix_setAccessible
dd3de5f fix InaccessibleObjectException in jdk17. #4077
a234f9a Merge pull request #4084 from alibaba/revert-4078-master
0814909 Revert "fix InaccessibleObjectException in jdk17. #4077"
ab82d0b Merge pull request #4078 from hengyunabc/master
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps com.alibaba:fastjson from 1.2.24 to 1.2.83. Release notes Sourced from com.alibaba:fastjson's releases. FASTJSON 1.2.83版本发布(安全修复) 这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjson用户...
X Description: Bumps com.alibaba:fastjson from 1.2.24 to 1.2.83. Release notes Sourced from com.alibaba:fastjson's releases. FASTJSON 1.2.83版本发布(安全修复) 这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjs...
Opengraph URL: https://github.com/vulnerable-code/java-sec-code/pull/7
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:bb22b82b-d2a9-e367-d377-b01dbba1e11c |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | C440:30EA87:2603AE0:3739012:6A5655CD |
| html-safe-nonce | 6bb605c5511fe2dc7c8ef424ffc1819e4cd033a6c09677d46ea8b2b954bd1634 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDNDQwOjMwRUE4NzoyNjAzQUUwOjM3MzkwMTI6NkE1NjU1Q0QiLCJ2aXNpdG9yX2lkIjoiMTk2MjU0MjM4Mzc4ODA4NjczMyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 79a75ba3b42b276e491b05a3c6f92d153f0fe6ccf48d3d0879984f449104d98e |
| hovercard-subject-tag | pull_request:3160702964 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/vulnerable-code/java-sec-code/pull/7/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps com.alibaba:fastjson from 1.2.24 to 1.2.83. Release notes Sourced from com.alibaba:fastjson's releases. FASTJSON 1.2.83版本发布(安全修复) 这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjson用户... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | cffc1b7eb44a3dbb1e61c2a0523cad1f04e0368d730bf85ac498c992baf19e7d |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/vulnerable-code/java-sec-code git https://github.com/vulnerable-code/java-sec-code.git |
| octolytics-dimension-user_id | 150022265 |
| octolytics-dimension-user_login | vulnerable-code |
| octolytics-dimension-repository_id | 715047833 |
| octolytics-dimension-repository_nwo | vulnerable-code/java-sec-code |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 115394871 |
| octolytics-dimension-repository_parent_nwo | JoyChou93/java-sec-code |
| octolytics-dimension-repository_network_root_id | 115394871 |
| octolytics-dimension-repository_network_root_nwo | JoyChou93/java-sec-code |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 233d2274d9c68198aa6cb23d1db680b5c0b58bba |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width