Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jackson behavior change in 2.15 can disrupt eventbus #5489

Closed
pmlopes opened this issue Feb 26, 2025 · 2 comments · Fixed by #5492
Closed

Jackson behavior change in 2.15 can disrupt eventbus #5489

pmlopes opened this issue Feb 26, 2025 · 2 comments · Fixed by #5492
Assignees
@vietj
Labels
bug
Milestone
4.5.14

Comments

@pmlopes
Copy link
Contributor

pmlopes commented Feb 26, 2025

Version

Which version(s) did you encounter this bug ?

  • 4.5.x
  • 5.x

Context

I encountered an exception which looks suspicious while transporting a large JSON payload over the eventbus. When the jackson library was updated to >= 2.15

The issue is related to: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15#processing-limits

Jackson now imposes default limits on encode/decode for security reasons. However there is no obvious way to address those exceptions being bubbled from:

https://github.com/eclipse-vertx/vert.x/blob/master/vertx-core/src/main/java/io/vertx/core/eventbus/impl/codecs/JsonObjectMessageCodec.java#L34

Do you have a reproducer?

new JsonObject(... very large string say >20Mb)

Should throw a DecodeException which steam from the new settings:

https://github.com/FasterXML/jackson-core/blob/2.19/src/main/java/com/fasterxml/jackson/core/StreamReadConstraints.java

Extra

A fix would be to have a way to control the JsonFactory here:

https://github.com/eclipse-vertx/vert.x/blob/master/vertx-core/src/main/java/io/vertx/core/json/jackson/JacksonCodec.java#L51
@pmlopes pmlopes added the bug label Feb 26, 2025
@vietj
Copy link
Member

vietj commented Feb 26, 2025

thanks for reporting, the only way I think we can address configurability is using system properties to control that since this is a static declaration

@vietj vietj added this to the 4.5.14 milestone Feb 26, 2025
@vietj vietj self-assigned this Feb 26, 2025
@vietj
Copy link
Member

vietj commented Feb 26, 2025

See #5490 for master

@vietj vietj linked a pull request Feb 27, 2025 that will close this issue
Vert.x Jackson json factory read constraint configuration should be overridable #5492
Merged
@vietj vietj closed this as completed Feb 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vietj vietj

Labels
bug
Projects
None yet
Milestone
4.5.14
Development

Successfully merging a pull request may close this issue.

Vert.x Jackson json factory read constraint configuration should be overridable eclipse-vertx/vert.x
2 participants
@vietj @pmlopes