1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
Version 1.3.6 (UNRELEASED)
--------------------------
This version mainly updates the build and introduces support for
cross-compiling spray to ScalaJS and Scala Native, in addition to
traditional Scala on the JVM.
Source and binary compatibility with the previous release is maintained
for the JVM project. However, ScalaJS and Scala Native versions do not
implement reflective product formats, meaning that there are no more
`jsonFormatX()` methods on these platforms. The overloaded method
`jsonFormat(<constructor>, <field_names>*)` is still available and may
be used as a workaround.
Version 1.3.5 (2017-10-24)
--------------------------
Security fix for several Denial Of Service vulnerabilities:
- CVE-2018-18853: Limit the number of characters for numbers in the parser (#278)
- CVE-2018-18854: Use TreeMap instead of HashMap for JsObject to prevent collision attacks (#277)
- CVE-2018-18855: Fix uncontrolled recursion in parser by limiting nesting depth (#286)
Thanks, [Andriy Plokhotnyuk](https://github.com/plokhotnyuk) who brought the first two issues to
our attention.
## Migration Notes
For some fixes, we added new limits to the parser:
* Maximum depth of nested JSON values, defaults to 1000
* Maximum characters for number values, defaults to 100
We introduced a `JsonParserSettings` class which can be used to customize these limits.
New overloads for `JsonParser.apply` and `String.parseJson` have been introduced to specify
custom settings.
Also, field ordering changed when printing a `JsValue`. Use `jsValue.sortedPrint` if you want
to be sure fields are always ordered the same.
Version 1.3.4 (2017-10-24)
--------------------------
- Replace ClassManifest by ClassTag
- Deprecate Pimp* classes and replace by Rich*
Version 1.3.3 (2016-12-29)
--------------------------
For Scala 2.12, this release brings no updates over 1.3.2 because the 2.12 release
of 1.3.2 was released from a later version of the master branch. Version 1.3.3
brings the artifacts for Scala 2.10 and 2.11 also to this latest state.
- Fixed decoding of 4-byte UTF-8 characters
- Refactored UTF-8 decoding into better reusable superclass
- Decode BigInt / BigDecimal values from JsString (#182)
- Cross published for Scala 2.10.x, 2.11.x, and 2.12.x
Version 1.3.2 (2015-05-06)
--------------------------
- Fixed performance bottleneck in `ProductFormats::fromField` (#132)
- Fixed multibyte chars at ix 0 of JSON String not being parsed correctly (#148)
- Fixed automatic field name discovery for member names with mangled prefix (#142)
- Reinstated deprecated `JsArray` and `JsObject` List-based constructors for backwards compatibility
- Added standard `OptionFormat` type (#151)
- Exposed field name in deserialization errors if possible
- Improved name unmangling in ProductFormats (#138)
- Introduced `JsObject.empty`, `JsArray.empty`, `JsString.empty` and `JsNumber.zero` (#143)
- Made `JsonParser` require complete consumption of parsing input (#137)
Version 1.3.1 (2014-10-28)
--------------------------
- Fixed OutOfMemoryError when parsing unterminated JSON strings (#122)
- Fixed member names not being unmangled in ProductsFormats (#120)
Version 1.3.0 (2014-09-22)
--------------------------
- Upgraded to Scala 2.11.2, dropped support for Scala 2.9
- Switched to fast, hand-written parser (#86, #108)
- Removed dependency on parboiled
- Changed parser to produce JsObject(HashMap) rather than JsObject(ListMap)
- Switched JsArray(List) to JsArray(Vector)
- Improved JsonPrinter to support printing to custom StringBuilder
- Added support for parameter-less case classes (#41)
Version 1.2.6 (2014-04-10)
--------------------------
- Improved deserialization error message with name of malformed field (#62)
- Fixed broken `tuple7Format` (#66)
- Fixed parsing problem for invalid hex digits (#75)
- Fixed `jsonFormat` method to ignore static fields (#76)
- Fixed `JsonPrinter` unicode escaping to strictly match spec (#83, #46)
- Fixed `null` handling in `JsString` (#70)
- Opened up JsonPrinter methods to overriding by marking them `protected`
- Deprecated `asJson` method in favor of `parseJson` (#89)
- Added OSGi metadata
- Upgraded to Scala 2.10.4 and parboiled 1.1.6, added cross-building for Scala 2.11
Version 1.2.5 (2013-05-31)
--------------------------
- Extended `jsonFormat` support for case classes w/ > 15 parameters, closed #48
Version 1.2.4 (2013-05-13)
--------------------------
- Upgraded to 2.10.1 and parboiled 1.1.5
- Added RootJsonFormats for JsObject and JsArray
- Added a jsonFormat0 with support for 0-ary case classes, thx to Connor Doyle
- Fixed automatic field name extraction with ignoring of transient fields
- Slightly improved JSON rendering performance
- Upgraded to SBT 0.12.3
Version 1.2.3 (2012-11-28)
--------------------------
- Upgraded to 2.10.0-RC3 and parboiled 1.1.4
- Fixed rendering problem for certain unicode escapes
Version 1.2.2 (2012-10-16)
--------------------------
- Upgraded to parboiled 1.1.3
Version 1.2.1 (2012-10-15)
--------------------------
- Upgraded to parboiled 1.1.2
- Cross-published for Scala 2.9.2 and Scala 2.10.0-RC1
Version 1.2 (2012-10-12)
------------------------
- Upgraded to Scala 2.9.2 and parboiled 1.1.1
- Renamed group id from "cc.spray" to "io.spray"
- Renamed package from "cc.spray.json" to "spray.json"
Version 1.1.1 (2012-03-13)
--------------------------
- Fixed significant performance problem in JsonParser
- Improved automatic field name extraction for case classes
Version 1.1.0 (2012-02-01)
--------------------------
- Added automatic case class field name extraction via new jsonFormatX overloads
- Added 'asJson' extension method to Strings
- Added RootJsonFormat (JsonFormat for types corresponding to JSON document roots)
- Fixed problem of JSON object deserialization not being member-order independent
(removed JsField, turned JsObject(List[JsField]) into JsObject(Map[String, JsValue]))
- Fixed issue #8 (Allow (de)serialization of NaN (Double)), thx to @stefritz
- Fixed #6 (rename JsValue:fromJson to 'convertTo', add .prettyPrint and .compactPrint)
- Improved deserialization error messages
- Upgraded to SBT 0.11.2
Version 1.0.1 (2011-10-04)
--------------------------
- Upgraded to Scala 2.9.1 and parboiled 1.0.2
- Improved (de)serialization of optional case class members (may now be missing)
- Added `NullOptions` trait for enforcing the serialization of `None` members as `null`
- Improved compile time error messages with @implicitNotFound annotations
- Improved documentation
- Smaller fixes and additions
Version 1.0.0 (2011-07-18)
--------------------------
first public release
|
