Jackson 2.13.0 release

Compatibility Changes

  • Java 8 is now the baseline for almost all modules (minus jackson-annotations, jackson-core (streaming API, json) and jackson-jr) — not a big change to users but does allow use of Java 8 constructs by Jackson 2.x components finally.
  • Javax/Jakarta compatibility improvements: a new set of components introduced along “old Javax” (JAXB, JAX-RS, JSON-P) support components — new ones have “jakarta” in their name (for Jakarta-XML-binding, Jakarta-rs, jakarta-jsonp and so on). This approach differs from 2.12 where some modules (JAXB, JAX-RS) offered Maven classifier-based variants.

New Functionality

There is now support for TOML textual format with jackson-dataformat-toml (included under jackson-dataformats-text Github repo). This functionality is most useful for reading .toml configuration files.

Dataformat improvements

Aside from core streaming (jackson-core) and databind ( jackson-databind), the vast majority of bug fixes and other improvements were for dataformat modules.

  • Avro: support for some Logical Types added
  • CBOR: much stricter checking of invalid content, error reporting (mostly issues found by OSS-Fuzz project)
  • CSV: a few bug fixes
  • Ion: one minor bug fix
  • Smile: similar to CBOR, stricter error checking (mostly for issues found by OSS-Fuzz)
  • XML: a lot of fixes to things like List deserialization, as well as some correctness issues OSS Fuzz found

Scala, Kotlin modules

Both Scala and Kotlin modules were also much improved: both had about a dozen fixes included. See respective 2.13 Release Notes sections for details.

What was left out, to be addressed in 2.14

One interesting question regarding scope of 2.13 is that of things that ended up getting left out due to timing:

  1. Rewrite of Property Introspection system — there are many well-known issues with handling of properties defined via @JsonCreator — and that cause issues with Java 14 Record types. I really hope to tackle this problem with 2.14.
  2. Addition of new more targeted “Feature” style on/off configuration: specifically for configuring handling of JsonNode , Java Enums and possibly Data/Time types (unified for Joda and Java 8 date/time types).
  3. Processing limits to help guard against certain types of Denial-of-Service attacks.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
@cowtowncoder

@cowtowncoder

377 Followers

Open Source developer, most known for Jackson data processor (nee “JSON library”), author of many, many other OSS libraries for Java, from ClassMate to Woodstox