-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fastjson 经常出漏洞问题 建议替换fastjson或者增加其他json库适配 #1522
Comments
Strongly agree. |
@jasonjoo2010 @cdfive @linlinisme @zhaoyuguang Any thoughts? |
Im ok about that. As i knew before So is there any other insecure feature or other reason that it should be abandoned? |
According to this doc https://github.com/alibaba/fastjson/wiki/security_update_20200601 , it seems like even if we enable
|
Oh, i see and thank you for your information. We indeed can make adaptions to kinds of json parsers like fastjson, jackson, gson, etc. So my another proposal besides adaptions is that is it necessary to alter a Adaptions is straightforward and good i should say. |
So any update? |
So is it necessary to recall the PR from the long river of the time? |
Yes! |
Yes, some customers are already repulsed by the passive mass upgrade that FASTJSON brings,thanks! |
source的读取是可以自定义json库读取的 但是在sentinel-transport-common中是依赖fastjson的 这里能否替代掉 或者可适配其他json库
The text was updated successfully, but these errors were encountered: