jackson-core icon indicating copy to clipboard operation
jackson-core copied to clipboard

Published 20 hours ago verified publisher icon FasterXML

Request backport of fix for issue #1274 (NUL-corrupted keys, values on JSON serialization) to 2.15.x

Open jmannix-ot opened this issue 9 months ago • 7 comments

We believe we are experiencing issue #1274 (NUL-corrupted keys, values on JSON serialization) after upgrading our deployments to run on JRE 21. However, we are not in a position to be able to adopt the latest 2.18.x release at this time so we would like to request that the fix for the issue is backported to the 2.15.x release line. @cowtowncoder, could you please assist with this request?

jmannix-ot avatar Feb 27 '25 16:02 jmannix-ot

2.15 version is no longer maintained so I don't think we will do this.

cowtowncoder avatar Feb 27 '25 16:02 cowtowncoder

Thanks for the quick response. What is the earliest version you might be able to backport to? We're trying to maintain version compatibility with spring boot and we're currently on 3.2.

jmannix-ot avatar Feb 27 '25 16:02 jmannix-ot

Jackson 2.18 should be usable. API changes are minimal. Can you try it?

pjfanning avatar Feb 27 '25 17:02 pjfanning

Right, ideally this would not be backported-- while it may be safe change, it's something that just feels riskier than what should go in a patch. This is why it was included in 2.18.0 and not, say, on 2.17 branch.

At very least it'd be good to confirm change fixes issues seen.

If it does, I guess 2.17(.4) would be possibility as there are other fixes pending.

But with all of these, it's a question of priorization: not so much of backporting of the fix itself but rather creating a release. Full patch set takes 2-3 hours of my time (although sometimes we do micro-patches for individual components that takes maybe 15-30 minutes, depending), which is why I am hesitant to backporting things to earlier versions.

cowtowncoder avatar Feb 27 '25 18:02 cowtowncoder

We're currently working on the upgrade to spring boot 3.3 which is on jackson 2.17.x so having the fix backported to that release line would be helpful. In the meantime, we will test with 2.18 in an isolated service to confirm the fix and we might fork 2.15.x as a short term solution while we move to 2.17.

jmannix-ot avatar Feb 28 '25 09:02 jmannix-ot

@cowtowncoder did you have any further feedback on the possibility of backporting to 2.17.x?

jmannix-ot avatar Mar 25 '25 14:03 jmannix-ot

No updates; I think everyone who cares about this is part of discussion... I don't think there is strong objections, just general lack of time, focus on 3.0.0-rc2 work.

So this would be about merging:

https://github.com/FasterXML/jackson-core/commit/af5dc76268f86bb5a973ef615fbb13b508ad02e8

(roughly).

And then probably full release of:

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.17.4

but I'd need to find time to do that.

cowtowncoder avatar Mar 26 '25 00:03 cowtowncoder

I am guessing this is no longer needed? Closing -- may re-open if still needed.

cowtowncoder avatar Nov 07 '25 04:11 cowtowncoder