[Git][java-team/msgpack-java][master] 3 commits: New upstream version 0.8.18
Andrius Merkys
gitlab at salsa.debian.org
Mon Nov 11 11:38:28 GMT 2019
Andrius Merkys pushed to branch master at Debian Java Maintainers / msgpack-java
Commits:
97307ab1 by Andrius Merkys at 2019-11-11T11:05:59Z
New upstream version 0.8.18
- - - - -
fc5be037 by Andrius Merkys at 2019-11-11T11:06:00Z
Update upstream source from tag 'upstream/0.8.18'
Update to upstream version '0.8.18'
with Debian dir bddbbf3838bba24f33679ef7d6a7cac9cc0c165f
- - - - -
1430f879 by Andrius Merkys at 2019-11-11T11:06:19Z
Packaging new upstream release.
- - - - -
10 changed files:
- .travis.yml
- README.md
- RELEASE_NOTES.md
- build.sbt
- debian/changelog
- msgpack-jackson/README.md
- msgpack-jackson/src/test/java/org/msgpack/jackson/dataformat/MessagePackGeneratorTest.java
- project/build.properties
- project/plugins.sbt
- version.sbt
Changes:
=====================================
.travis.yml
=====================================
@@ -1,5 +1,8 @@
language: scala
+# With xenial, `Installing oraclejdk8` fails due to "Expected feature release number in range of 9 to 14, but got: 8"
+dist: trusty
+
cache:
directories:
- $HOME/.m2/repository/
=====================================
README.md
=====================================
@@ -42,6 +42,8 @@ dependencies {
- [Usage examples](msgpack-core/src/test/java/org/msgpack/core/example/MessagePackExample.java)
+### Integration with Jackson ObjectMapper (jackson-databind)
+
msgpack-java supports serialization and deserialization of Java objects through [jackson-databind](https://github.com/FasterXML/jackson-databind).
For details, see [msgpack-jackson/README.md](msgpack-jackson/README.md). The template-based serialization mechanism used in v06 is deprecated.
=====================================
RELEASE_NOTES.md
=====================================
@@ -1,5 +1,9 @@
# Release Notes
+## 0.8.18
+ * (internal) Update sbt related dependencies [#507](https://github.com/msgpack/msgpack-java/pull/507)
+ * Use jackson-databind 2.9.9.3 for security vulnerability [#511](https://github.com/msgpack/msgpack-java/pull/511)
+
## 0.8.17
* Fix OOM exception for invalid msgpack messages [#500](https://github.com/msgpack/msgpack-java/pull/500)
* Use jackson-databind 2.9.9 for security vulnerability [#505](https://github.com/msgpack/msgpack-java/pull/505)
=====================================
build.sbt
=====================================
@@ -5,7 +5,7 @@ val buildSettings = Seq[Setting[_]](
organizationName := "MessagePack",
organizationHomepage := Some(new URL("http://msgpack.org/")),
description := "MessagePack for Java",
- scalaVersion := "2.12.4",
+ scalaVersion := "2.12.8",
logBuffered in Test := false,
// msgpack-java should be a pure-java library, so remove Scala specific configurations
autoScalaLibrary := false,
@@ -93,12 +93,12 @@ lazy val msgpackCore = Project(id = "msgpack-core", base = file("msgpack-core"))
libraryDependencies ++= Seq(
// msgpack-core should have no external dependencies
junitInterface,
- "org.scalatest" %% "scalatest" % "3.0.3" % "test",
- "org.scalacheck" %% "scalacheck" % "1.13.5" % "test",
+ "org.scalatest" %% "scalatest" % "3.0.8" % "test",
+ "org.scalacheck" %% "scalacheck" % "1.14.0" % "test",
"org.xerial" %% "xerial-core" % "3.6.0" % "test",
"org.msgpack" % "msgpack" % "0.6.12" % "test",
- "commons-codec" % "commons-codec" % "1.10" % "test",
- "com.typesafe.akka" %% "akka-actor" % "2.5.7" % "test"
+ "commons-codec" % "commons-codec" % "1.12" % "test",
+ "com.typesafe.akka" %% "akka-actor" % "2.5.23" % "test"
)
)
@@ -115,7 +115,7 @@ lazy val msgpackJackson =
"org.msgpack.jackson.dataformat"
),
libraryDependencies ++= Seq(
- "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9",
+ "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9.3",
junitInterface,
"org.apache.commons" % "commons-math3" % "3.6.1" % "test"
),
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+msgpack-java (0.8.18-1) unstable; urgency=medium
+
+ * New upstream version 0.8.18
+
+ -- Andrius Merkys <merkys at debian.org> Mon, 11 Nov 2019 06:06:05 -0500
+
msgpack-java (0.8.17-1) unstable; urgency=medium
* Initial release (Closes: #940033)
=====================================
msgpack-jackson/README.md
=====================================
@@ -315,3 +315,42 @@ When you want to use non-String value as a key of Map, use `MessagePackKeySerial
System.out.println(objectMapper.readValue(bytes, Object.class));
// => Java
```
+
+### Serialize a nested object that also serializes
+
+When you serialize an object that has a nested object also serializing with ObjectMapper and MessagePackFactory like the following code, it throws NullPointerException since the nested MessagePackFactory modifies a shared state stored in ThreadLocal.
+
+```java
+ @Test
+ public void testNestedSerialization() throws Exception
+ {
+ ObjectMapper objectMapper = new ObjectMapper(new MessagePackFactory());
+ objectMapper.writeValueAsBytes(new OuterClass());
+ }
+
+ public class OuterClass
+ {
+ public String getInner() throws JsonProcessingException
+ {
+ ObjectMapper m = new ObjectMapper(new MessagePackFactory());
+ m.writeValueAsBytes(new InnerClass());
+ return "EFG";
+ }
+ }
+
+ public class InnerClass
+ {
+ public String getName()
+ {
+ return "ABC";
+ }
+ }
+```
+
+There are a few options to fix this issue, but they introduce performance degredations while this usage is a corner case. A workaround that doesn't affect performance is to call `MessagePackFactory#setReuseResourceInGenerator(false)`. It might be inconvenient to call the API for users, but it's a reasonable tradeoff with performance for now.
+
+```java
+ ObjectMapper objectMapper = new ObjectMapper(
+ new MessagePackFactory().setReuseResourceInGenerator(false));
+```
+
=====================================
msgpack-jackson/src/test/java/org/msgpack/jackson/dataformat/MessagePackGeneratorTest.java
=====================================
@@ -15,6 +15,7 @@
//
package org.msgpack.jackson.dataformat;
+import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonEncoding;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -884,4 +885,54 @@ public class MessagePackGeneratorTest
MessagePack.newDefaultUnpacker(objectMapper.writeValueAsBytes(bi)).unpackDouble(),
is(bi.doubleValue()));
}
+
+ @Test
+ public void testNestedSerialization() throws Exception
+ {
+ // The purpose of this test is to confirm if MessagePackFactory.setReuseResourceInGenerator(false)
+ // works as a workaround for https://github.com/msgpack/msgpack-java/issues/508
+ ObjectMapper objectMapper = new ObjectMapper(new MessagePackFactory().setReuseResourceInGenerator(false));
+ OuterClass outerClass = objectMapper.readValue(
+ objectMapper.writeValueAsBytes(new OuterClass("Foo")),
+ OuterClass.class);
+ assertEquals("Foo", outerClass.getName());
+ }
+
+ static class OuterClass
+ {
+ private final String name;
+
+ public OuterClass(@JsonProperty("name") String name)
+ {
+ this.name = name;
+ }
+
+ public String getName()
+ throws IOException
+ {
+ // Serialize nested class object
+ ObjectMapper objectMapper = new ObjectMapper(new MessagePackFactory());
+ InnerClass innerClass = objectMapper.readValue(
+ objectMapper.writeValueAsBytes(new InnerClass("Bar")),
+ InnerClass.class);
+ assertEquals("Bar", innerClass.getName());
+
+ return name;
+ }
+ }
+
+ static class InnerClass
+ {
+ private final String name;
+
+ public InnerClass(@JsonProperty("name") String name)
+ {
+ this.name = name;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+ }
}
=====================================
project/build.properties
=====================================
@@ -1,2 +1,2 @@
-sbt.version=1.0.4
+sbt.version=1.2.8
=====================================
project/plugins.sbt
=====================================
@@ -1,11 +1,11 @@
-addSbtPlugin("com.github.gseitz" % "sbt-release" % "1.0.7")
-addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "2.0")
-addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.1.0")
+addSbtPlugin("com.github.gseitz" % "sbt-release" % "1.0.11")
+addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "2.5")
+addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.1.2")
addSbtPlugin("com.github.sbt" % "sbt-findbugs" % "2.0.0")
addSbtPlugin("com.github.sbt" % "sbt-jacoco" % "3.0.3")
-addSbtPlugin("org.xerial.sbt" % "sbt-jcheckstyle" % "0.2.0")
-addSbtPlugin("com.typesafe.sbt" % "sbt-osgi" % "0.9.2")
-addSbtPlugin("io.get-coursier" % "sbt-coursier" % "1.0.0")
-addSbtPlugin("com.geirsson" % "sbt-scalafmt" % "1.4.0")
+addSbtPlugin("org.xerial.sbt" % "sbt-jcheckstyle" % "0.2.1")
+addSbtPlugin("com.typesafe.sbt" % "sbt-osgi" % "0.9.5")
+addSbtPlugin("io.get-coursier" % "sbt-coursier" % "1.0.3")
+addSbtPlugin("com.geirsson" % "sbt-scalafmt" % "1.5.1")
scalacOptions ++= Seq("-deprecation", "-feature")
=====================================
version.sbt
=====================================
@@ -1 +1 @@
-version in ThisBuild := "0.8.17"
+version in ThisBuild := "0.8.18"
View it on GitLab: https://salsa.debian.org/java-team/msgpack-java/compare/9b81a68e34ee1322af61558ecfb469eb12009bfa...1430f879261508f848382a818190b8badea40fb2
--
View it on GitLab: https://salsa.debian.org/java-team/msgpack-java/compare/9b81a68e34ee1322af61558ecfb469eb12009bfa...1430f879261508f848382a818190b8badea40fb2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20191111/cde398b8/attachment.html>
More information about the pkg-java-commits
mailing list