Skip to content

support jackson 2.19#1072

Merged
mkurz merged 1 commit intoplayframework:mainfrom
pjfanning:jackson-2.17
Jul 9, 2025
Merged

support jackson 2.19#1072
mkurz merged 1 commit intoplayframework:mainfrom
pjfanning:jackson-2.17

Conversation

@pjfanning
Copy link
Contributor

@pjfanning pjfanning commented Sep 5, 2024
edited by mkurz
Loading

Pull Request Checklist

  • Have you read through the contributor guidelines?
  • Have you squashed your commits?
  • Have you added copyright headers to new files?
  • Have you updated the documentation?
  • Have you added tests for any changed functionality?

Fixes

Fixes #xxxx

Purpose

There are issues with tests in playframework where some tests deliberately have deeply nested JSON. Jackson now defaults to a limit of 1000.
I would like to support overriding more of the StreamReadConstraints settings in Jackson but this is a start.

What does this PR do?

Background Context

Why did you take this approach?

References

Are there any relevant issues / PRs / mailing lists discussions?

@pjfanning pjfanning marked this pull request as draft September 5, 2024 00:47
@pjfanning pjfanning force-pushed the jackson-2.17 branch 2 times, most recently from 99b6f8a to 623041a Compare September 5, 2024 01:29
@pjfanning pjfanning marked this pull request as ready for review September 5, 2024 01:36
@pjfanning
Copy link
Contributor Author

pjfanning commented Sep 5, 2024

@mkurz does this look like a way forward for supporting Jackson 2.15 and above?

One extra change that I would like to make would be to change the visibility of the JacksonJson class to be scoped to [play] as opposed to just the [jackson] package - because 2 playframework tests need to be able to override the nesting depth limit.

@pjfanning pjfanning mentioned this pull request Oct 1, 2024
Closed
@pjfanning pjfanning force-pushed the jackson-2.17 branch 2 times, most recently from 6069685 to 47a69e7 Compare January 5, 2025 23:17
@pjfanning pjfanning closed this Jan 13, 2025
@pjfanning pjfanning deleted the jackson-2.17 branch January 13, 2025 19:26
@pjfanning pjfanning restored the jackson-2.17 branch January 13, 2025 19:27
@pjfanning pjfanning reopened this Jan 13, 2025
@pjfanning pjfanning changed the title support jackson 2.17 support jackson 2.18 Mar 18, 2025
@pjfanning pjfanning mentioned this pull request Mar 18, 2025
Closed
@tmccombs tmccombs mentioned this pull request May 20, 2025
Closed
5 tasks
@tmccombs
Copy link

tmccombs commented May 22, 2025

Anything I can do to help get this merged?

@pjfanning pjfanning changed the title support jackson 2.18 support jackson 2.19 Jun 15, 2025
@RFSurdsmanAtlassian
Copy link

RFSurdsmanAtlassian commented Jul 4, 2025

Hi, I am wondering whether we have any update on this? There is CVE-2025-52999 affecting the latest version of Play JSON and is any assistance (e.g. testing) required to get this over the line? Thanks

@pjfanning
Copy link
Contributor Author

pjfanning commented Jul 4, 2025

I published my own fork a while ago because this and another couple of PRs that I created are awaiting review - https://github.com/pjfanning/play-json.

This was referenced Jul 9, 2025
Closed
Closed
@pjfanning @mkurz
support jackson 2.17
3e6ec34 
more changes

Create PR1072.backwards.excludes

Update JsonConfig.scala

Update JacksonJson.scala

Update build.sbt

Update build.sbt

support overriding max string length
mkurz
mkurz approved these changes Jul 9, 2025
View reviewed changes
Copy link
Member

@mkurz mkurz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finally reviewed. LGTM, thanks!

@mkurz mkurz merged commit 8b641bb into playframework:main Jul 9, 2025
14 checks passed
This was referenced Jul 9, 2025
Closed
Closed
@mkurz
Copy link
Member

mkurz commented Jul 9, 2025

One extra change that I would like to make would be to change the visibility of the JacksonJson class to be scoped to [play] as opposed to just the [jackson] package - because 2 playframework tests need to be able to override the nesting depth limit.

Is this still needed?

@pjfanning
Copy link
Contributor Author

pjfanning commented Jul 9, 2025

One extra change that I would like to make would be to change the visibility of the JacksonJson class to be scoped to [play] as opposed to just the [jackson] package - because 2 playframework tests need to be able to override the nesting depth limit.

Is this still needed?

I can't recall at this stage. Maybe if you publish a snapshot of play-json, I could modify playframework/playframework#12662 to use the snapshot jar and see what tests are still broken.

@pjfanning pjfanning deleted the jackson-2.17 branch July 9, 2025 23:09
@mkurz
Copy link
Member

mkurz commented Jul 9, 2025

Maybe if you publish a snapshot of play-json, I could modify playframework/playframework#12662 to use the snapshot jar and see what tests are still broken.

3.1.0-M2 on its way: https://github.com/playframework/play-json/actions/runs/16182146711/job/45680878429
I am off to bed now ;) Thanks!

@mkurz mkurz mentioned this pull request Oct 10, 2025
Merged
This was referenced Oct 10, 2025
Merged
Merged
@mkurz mkurz mentioned this pull request Nov 4, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkurz mkurz mkurz approved these changes

+1 more reviewer

@seblm seblm seblm approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pjfanning @tmccombs @RFSurdsmanAtlassian @mkurz @seblm