Skip to content

Latest commit

 

History

History
164 lines (123 loc) · 6.11 KB

CHANGELOG.md

File metadata and controls

164 lines (123 loc) · 6.11 KB
Raw

Version 1.3.6 (2020-11-10)

  • Preserve order of iterable in viaSeq in Scala 2.13 (#330)
  • Throw instead of overflowing silently when numeric values are out of range for the target type (#208)
  • Convert Float to JsNumber directly without going through Double (#241)
  • Build with latest Scala versions (#334)

Version 1.3.5 (2017-10-24)

Security fix for several Denial Of Service vulnerabilities:

  • CVE-2018-18853: Limit the number of characters for numbers in the parser (#278)
  • CVE-2018-18854: Use TreeMap instead of HashMap for JsObject to prevent collision attacks (#277)
  • CVE-2018-18855: Fix uncontrolled recursion in parser by limiting nesting depth (#286)

Thanks, Andriy Plokhotnyuk who brought the first two issues to our attention.

Migration Notes

For some fixes, we added new limits to the parser:

  • Maximum depth of nested JSON values, defaults to 1000
  • Maximum characters for number values, defaults to 100

We introduced a JsonParserSettings class which can be used to customize these limits. New overloads for JsonParser.apply and String.parseJson have been introduced to specify custom settings.

Version 1.3.4 (2017-10-24)

  • Replace ClassManifest by ClassTag
  • Deprecate Pimp* classes and replace by Rich*

Version 1.3.3 (2016-12-29)

For Scala 2.12, this release brings no updates over 1.3.2 because the 2.12 release of 1.3.2 was released from a later version of the master branch. Version 1.3.3 brings the artifacts for Scala 2.10 and 2.11 also to this latest state.

  • Fixed decoding of 4-byte UTF-8 characters
  • Refactored UTF-8 decoding into better reusable superclass
  • Decode BigInt / BigDecimal values from JsString (#182)
  • Cross published for Scala 2.10.x, 2.11.x, and 2.12.x

Version 1.3.2 (2015-05-06)

  • Fixed performance bottleneck in ProductFormats::fromField (#132)
  • Fixed multibyte chars at ix 0 of JSON String not being parsed correctly (#148)
  • Fixed automatic field name discovery for member names with mangled prefix (#142)
  • Reinstated deprecated JsArray and JsObject List-based constructors for backwards compatibility
  • Added standard OptionFormat type (#151)
  • Exposed field name in deserialization errors if possible
  • Improved name unmangling in ProductFormats (#138)
  • Introduced JsObject.empty, JsArray.empty, JsString.empty and JsNumber.zero (#143)
  • Made JsonParser require complete consumption of parsing input (#137)

Version 1.3.1 (2014-10-28)

  • Fixed OutOfMemoryError when parsing unterminated JSON strings (#122)
  • Fixed member names not being unmangled in ProductsFormats (#120)

Version 1.3.0 (2014-09-22)

  • Upgraded to Scala 2.11.2, dropped support for Scala 2.9
  • Switched to fast, hand-written parser (#86, #108)
  • Removed dependency on parboiled
  • Changed parser to produce JsObject(HashMap) rather than JsObject(ListMap)
  • Switched JsArray(List) to JsArray(Vector)
  • Improved JsonPrinter to support printing to custom StringBuilder
  • Added support for parameter-less case classes (#41)

Version 1.2.6 (2014-04-10)

  • Improved deserialization error message with name of malformed field (#62)
  • Fixed broken tuple7Format (#66)
  • Fixed parsing problem for invalid hex digits (#75)
  • Fixed jsonFormat method to ignore static fields (#76)
  • Fixed JsonPrinter unicode escaping to strictly match spec (#83, #46)
  • Fixed null handling in JsString (#70)
  • Opened up JsonPrinter methods to overriding by marking them protected
  • Deprecated asJson method in favor of parseJson (#89)
  • Added OSGi metadata
  • Upgraded to Scala 2.10.4 and parboiled 1.1.6, added cross-building for Scala 2.11

Version 1.2.5 (2013-05-31)

  • Extended jsonFormat support for case classes w/ > 15 parameters, closed #48

Version 1.2.4 (2013-05-13)

  • Upgraded to 2.10.1 and parboiled 1.1.5
  • Added RootJsonFormats for JsObject and JsArray
  • Added a jsonFormat0 with support for 0-ary case classes, thx to Connor Doyle
  • Fixed automatic field name extraction with ignoring of transient fields
  • Slightly improved JSON rendering performance
  • Upgraded to SBT 0.12.3

Version 1.2.3 (2012-11-28)

  • Upgraded to 2.10.0-RC3 and parboiled 1.1.4
  • Fixed rendering problem for certain unicode escapes

Version 1.2.2 (2012-10-16)

  • Upgraded to parboiled 1.1.3

Version 1.2.1 (2012-10-15)

  • Upgraded to parboiled 1.1.2
  • Cross-published for Scala 2.9.2 and Scala 2.10.0-RC1

Version 1.2 (2012-10-12)

  • Upgraded to Scala 2.9.2 and parboiled 1.1.1
  • Renamed group id from "cc.spray" to "io.spray"
  • Renamed package from "cc.spray.json" to "spray.json"

Version 1.1.1 (2012-03-13)

  • Fixed significant performance problem in JsonParser
  • Improved automatic field name extraction for case classes

Version 1.1.0 (2012-02-01)

  • Added automatic case class field name extraction via new jsonFormatX overloads
  • Added 'asJson' extension method to Strings
  • Added RootJsonFormat (JsonFormat for types corresponding to JSON document roots)
  • Fixed problem of JSON object deserialization not being member-order independent (removed JsField, turned JsObject(List[JsField]) into JsObject(Map[String, JsValue]))
  • Fixed issue #8 (Allow (de)serialization of NaN (Double)), thx to @stefritz
  • Fixed #6 (rename JsValue:fromJson to 'convertTo', add .prettyPrint and .compactPrint)
  • Improved deserialization error messages
  • Upgraded to SBT 0.11.2

Version 1.0.1 (2011-10-04)

  • Upgraded to Scala 2.9.1 and parboiled 1.0.2
  • Improved (de)serialization of optional case class members (may now be missing)
  • Added NullOptions trait for enforcing the serialization of None members as null
  • Improved compile time error messages with @implicitNotFound annotations
  • Improved documentation
  • Smaller fixes and additions

Version 1.0.0 (2011-07-18)

first public release