Version 1.3.6 (UNRELEASED) -------------------------- This version mainly updates the build and introduces support for cross-compiling spray to ScalaJS and Scala Native, in addition to traditional Scala on the JVM. Source and binary compatibility with the previous release is maintained for the JVM project. However, ScalaJS and Scala Native versions do not implement reflective product formats, meaning that there are no more `jsonFormatX()` methods on these platforms. The overloaded method `jsonFormat(, *)` is still available and may be used as a workaround. Version 1.3.5 (2017-10-24) -------------------------- Security fix for several Denial Of Service vulnerabilities: - CVE-2018-18853: Limit the number of characters for numbers in the parser (#278) - CVE-2018-18854: Use TreeMap instead of HashMap for JsObject to prevent collision attacks (#277) - CVE-2018-18855: Fix uncontrolled recursion in parser by limiting nesting depth (#286) Thanks, [Andriy Plokhotnyuk](https://github.com/plokhotnyuk) who brought the first two issues to our attention. ## Migration Notes For some fixes, we added new limits to the parser: * Maximum depth of nested JSON values, defaults to 1000 * Maximum characters for number values, defaults to 100 We introduced a `JsonParserSettings` class which can be used to customize these limits. New overloads for `JsonParser.apply` and `String.parseJson` have been introduced to specify custom settings. Also, field ordering changed when printing a `JsValue`. Use `jsValue.sortedPrint` if you want to be sure fields are always ordered the same. Version 1.3.4 (2017-10-24) -------------------------- - Replace ClassManifest by ClassTag - Deprecate Pimp* classes and replace by Rich* Version 1.3.3 (2016-12-29) -------------------------- For Scala 2.12, this release brings no updates over 1.3.2 because the 2.12 release of 1.3.2 was released from a later version of the master branch. Version 1.3.3 brings the artifacts for Scala 2.10 and 2.11 also to this latest state. - Fixed decoding of 4-byte UTF-8 characters - Refactored UTF-8 decoding into better reusable superclass - Decode BigInt / BigDecimal values from JsString (#182) - Cross published for Scala 2.10.x, 2.11.x, and 2.12.x Version 1.3.2 (2015-05-06) -------------------------- - Fixed performance bottleneck in `ProductFormats::fromField` (#132) - Fixed multibyte chars at ix 0 of JSON String not being parsed correctly (#148) - Fixed automatic field name discovery for member names with mangled prefix (#142) - Reinstated deprecated `JsArray` and `JsObject` List-based constructors for backwards compatibility - Added standard `OptionFormat` type (#151) - Exposed field name in deserialization errors if possible - Improved name unmangling in ProductFormats (#138) - Introduced `JsObject.empty`, `JsArray.empty`, `JsString.empty` and `JsNumber.zero` (#143) - Made `JsonParser` require complete consumption of parsing input (#137) Version 1.3.1 (2014-10-28) -------------------------- - Fixed OutOfMemoryError when parsing unterminated JSON strings (#122) - Fixed member names not being unmangled in ProductsFormats (#120) Version 1.3.0 (2014-09-22) -------------------------- - Upgraded to Scala 2.11.2, dropped support for Scala 2.9 - Switched to fast, hand-written parser (#86, #108) - Removed dependency on parboiled - Changed parser to produce JsObject(HashMap) rather than JsObject(ListMap) - Switched JsArray(List) to JsArray(Vector) - Improved JsonPrinter to support printing to custom StringBuilder - Added support for parameter-less case classes (#41) Version 1.2.6 (2014-04-10) -------------------------- - Improved deserialization error message with name of malformed field (#62) - Fixed broken `tuple7Format` (#66) - Fixed parsing problem for invalid hex digits (#75) - Fixed `jsonFormat` method to ignore static fields (#76) - Fixed `JsonPrinter` unicode escaping to strictly match spec (#83, #46) - Fixed `null` handling in `JsString` (#70) - Opened up JsonPrinter methods to overriding by marking them `protected` - Deprecated `asJson` method in favor of `parseJson` (#89) - Added OSGi metadata - Upgraded to Scala 2.10.4 and parboiled 1.1.6, added cross-building for Scala 2.11 Version 1.2.5 (2013-05-31) -------------------------- - Extended `jsonFormat` support for case classes w/ > 15 parameters, closed #48 Version 1.2.4 (2013-05-13) -------------------------- - Upgraded to 2.10.1 and parboiled 1.1.5 - Added RootJsonFormats for JsObject and JsArray - Added a jsonFormat0 with support for 0-ary case classes, thx to Connor Doyle - Fixed automatic field name extraction with ignoring of transient fields - Slightly improved JSON rendering performance - Upgraded to SBT 0.12.3 Version 1.2.3 (2012-11-28) -------------------------- - Upgraded to 2.10.0-RC3 and parboiled 1.1.4 - Fixed rendering problem for certain unicode escapes Version 1.2.2 (2012-10-16) -------------------------- - Upgraded to parboiled 1.1.3 Version 1.2.1 (2012-10-15) -------------------------- - Upgraded to parboiled 1.1.2 - Cross-published for Scala 2.9.2 and Scala 2.10.0-RC1 Version 1.2 (2012-10-12) ------------------------ - Upgraded to Scala 2.9.2 and parboiled 1.1.1 - Renamed group id from "cc.spray" to "io.spray" - Renamed package from "cc.spray.json" to "spray.json" Version 1.1.1 (2012-03-13) -------------------------- - Fixed significant performance problem in JsonParser - Improved automatic field name extraction for case classes Version 1.1.0 (2012-02-01) -------------------------- - Added automatic case class field name extraction via new jsonFormatX overloads - Added 'asJson' extension method to Strings - Added RootJsonFormat (JsonFormat for types corresponding to JSON document roots) - Fixed problem of JSON object deserialization not being member-order independent (removed JsField, turned JsObject(List[JsField]) into JsObject(Map[String, JsValue])) - Fixed issue #8 (Allow (de)serialization of NaN (Double)), thx to @stefritz - Fixed #6 (rename JsValue:fromJson to 'convertTo', add .prettyPrint and .compactPrint) - Improved deserialization error messages - Upgraded to SBT 0.11.2 Version 1.0.1 (2011-10-04) -------------------------- - Upgraded to Scala 2.9.1 and parboiled 1.0.2 - Improved (de)serialization of optional case class members (may now be missing) - Added `NullOptions` trait for enforcing the serialization of `None` members as `null` - Improved compile time error messages with @implicitNotFound annotations - Improved documentation - Smaller fixes and additions Version 1.0.0 (2011-07-18) -------------------------- first public release