Tatu Saloranta edited this page Jun 2, 2024 · 39 revisions

Jackson STrategic Enhancement Proposals (JSTEP)

With Jackson 3, we want to start experimenting with something like "Jackson Big Ideas", maybe similar to Kafka KIPs. Not unlike IETF RFCs, but somewhat smaller documents.

The name chosen (back in 2017) is "JSTEP" ("Jackson STrategic Enhancement Proposal"), and it seems to work.

Implemented JSTEPs

  • JSTEP-4: Replace checked JsonProcessingException with unchecked JacksonException

Proposed JSTEPs

  1. Major version upgrade details: JSTEP-1
  2. Jackson 3 default setting, behavior changes: JSTEP-2
  3. JsonNode improvements: JSTEP-3
  4. -- completed --
  5. Unify Date/Time handling, formats, defaults across JDK Classic, Joda and Java 8 date/time: JSTEP-5
  6. Jackson 3 Big Renaming of Core Entities: JSTEP-6
  7. More modular on/off "Feature"s beyond existing mapper/ser/deser: JSTEP-7
    • Date/Time settings?

JSTEPs considered

Processing Limits

Add some kind of processing limits for accepted input (max depth of nesting, number of keys per Object), to protect against DoS attacks. Similar to (for example) Woodstox' limits.

This was actually implemented without writing a separate JSTEP entry; initial work was for Jackson 2.15. Relevant initial issues include:

Separate Tree Model for jackson-dataformat-xml

Add a proper Tree Model for jackson-dataformat-xml (instead, minor improvements to existing JsonNode, like auto-conversion of ObjectNode to ArrayNode)

  • Made a bit less necessary by 2.12 work to support implicit coercion of sequences into ArrayNode (dataformat-xml#403)
  • Other reasons still exist so this may yet be added

Sources for new JSTEPs

Although any improvement idea can become a JSTEP, one good source is Major Design/Implementation Issues, which lists areas where current design limits implementation improvements.

Also, "most-wanted" labeled issues are a potential source: