ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/Changes
(Generate patch)

Comparing JSON-XS/Changes (file contents):
Revision 1.18 by root, Sat Mar 24 22:57:12 2007 UTC vs.
Revision 1.194 by root, Wed Nov 9 11:47:12 2022 UTC

1Revision history for Perl extension JSON::XS 1Revision history for Perl extension JSON::XS
2 2
3TODO: allow a configurable recursion limit and/or or other forms of resource limiting (string size, memory usage...) 3TODO: maybe detect and croak on more invalid inputs (e.g. +-inf/nan)
4TODO: maybe simply use \0 and \1 as true/false when encoding (and overloaded/blessed versions thereof on 4TODO: maybe avoid the reblessing and better support readonly objects.
5 decoding?) 5TODO: how to cope with tagged values and standard json decoders
6TODO: investigate magic (Eric Brine)
7TODO: [PATCH] Types::Serialiser: Inline true(), false() and error() functions
8TODO: replace bool_stash by BOOL_STASH seems to work with mod_perl, make a compile time option?
6 9
70.7 10TODO: validate_utf8, apparewntly some people confuse themselves.
11TODO: security considerations
12
134.03 Tue Oct 27 19:05:01 CET 2020
14 - when parsing comments in relaxed mode, JSON::XS would detect garbage
15 after the JSON text if the comment is after the end and does not end in
16 a newline (reported by Felipe Gasper).
17
184.02 Wed Mar 6 08:31:24 CET 2019
19 - undo the fix from 4.01, it breaks more things than it fixes
20 (another testcase by Wesley Schwengle).
21 - try a proper fix this time.
22
234.01 Sun Feb 24 05:03:30 CET 2019
24 - fix some stack corruption caused mostly when calling methods
25 in list context (testcase by Wesley Schwengle).
26
274.0 Fri Nov 16 00:06:54 CET 2018
28 - SECURITY IMPLICATION: this release enables allow_nonref by default
29 for compatibility with RFC 7159 and newer. See "old" vs. "new"
30 JSON under SECURITY CONSIDERATIONS.
31 - reworked the "old" vs. "new" JSON section.
32 - add ->boolean_values to provide the values to which booleans
33 decode (requested by Aristotle Pagaltzis).
34 - decode would wrongly accept ASCII NUL characters instead of
35 reporting them as trailing garbage.
36 - work around what smells like a perl bug w.r.t. exceptions
37 thrown in callbacks.
38 - incremental parser now more or less respects allow_nonref.
39 - json_xs json-pretty now enables canonical mode.
40 - add documentation section about I-JSON.
41 - minor documentation fixes/updates.
42
433.04 Thu Aug 17 04:30:47 CEST 2017
44 - change exponential realloc algorithm on encoding and string decoding to be
45 really exponential (this helps slow/debugging allocators such as libumem)
46 (reported by Matthew Horsfall).
47 - string encoding would needlessly overallocate output space
48 (testcase by Matthew Horsfall).
49 - be very paranoid about extending buffer lengths and croak if buffers get too large,
50 which might (or might not) improve security.
51 - add cbor-packed type to json_xs.
52 - switch from YAML to YAML::XS in json_xs, as YAML is way too buggy and outdated.
53
543.03 Wed Nov 16 20:20:59 CET 2016
55 - fix a bug introduced by a perl bug workaround that would cause
56 incremental parsing to fail with a sv_chop panic.
57 - json_xs: toformat failure error message fixed.
58 - json_xs: allow cyclic data structures in CBOR.
59
603.02 Fri Feb 26 22:45:20 CET 2016
61 - allow_nonref now affects booleans (\1, $Types::Serialiser::Boolean)
62 as well (reported by Alex Efros).
63 - allow literal tabs in strings in relaxed mode (patch by
64 lubo.rintel@gooddata.com).
65 - support "cbor" format in json_xs tool.
66 - support (and fix) calling encode and decode in list context
67 (reported by Вадим Власов).
68 - work around a bug in older perls crashing when presented
69 with shared hash keys (Reini Urban).
70 - use stability canary.
71
723.01 Tue Oct 29 16:55:15 CET 2013
73 - backport to perls < 5.18 (reported by Paul Howarth).
74
753.0 Tue Oct 29 01:35:37 CET 2013
76 - implemented an object tagging extension (using the
77 Types::Serialiser serialisation protocol).
78 - reworked the documentation regarding object serialisation,
79 add a new OBJECT SERIALISATION section that explains th
80 whole process.
81 - new setting: allow_tags.
82 - switch to Types::Serialiser booleans.
83 - remove to_json/from_json.
84 - other minor improvements to the documentation.
85
862.34 Thu May 23 11:30:34 CEST 2013
87 - work around bugs in perl 5.18 breaking more than 100
88 widely used modules, without a fix in sight because
89 p5pers don't care about CPAN anymore.
90 - when canonicalising, only allocate up to 64 hash key
91 pointers on the stack. for larger hashes, use the heap,
92 to avoid using too much stackspace.
93 - discuss the problem with setlocale (reported by a few victims).
94
952.33 Wed Aug 1 21:03:52 CEST 2012
96 - internal encode/decode XS wrappers did not expect stack
97 moves caused by callbacks (analyzed and testcase by Jesse Luehrs).
98 - add bencode as to/from option in bin/json_xs.
99 - add -e option to json_xs, and none and string in/out formats.
100
1012.32 Thu Aug 11 19:06:38 CEST 2011
102 - fix a bug in the initial whitespace accumulation.
103
1042.31 Wed Jul 27 17:53:05 CEST 2011
105 - don't accumulate initial whitespace in the incremental buffer
106 (this can be useful to allow whitespace-keepalive on a tcp
107 connection without triggering the max_size limit).
108 - properly croak on some invalid inputs that are not strings
109 (e.g. undef) when trying to decode a json text (reported
110 and analyzed by Goro Fuji).
111
1122.3 Wed Aug 18 01:26:47 CEST 2010
113 - make sure decoder doesn't change the decoding in the incremental
114 parser (testcase provided by Hendrik Schumacher).
115 - applied patch by DaTa for Data::Dumper support in json_xs.
116 - added -t dump support to json_xs, using Data::Dump.
117 - added -f eval support to json_xs.
118
1192.29 Wed Mar 17 02:39:12 CET 2010
120 - fix a memory leak when callbacks set using filter_json_object
121 or filter_json_single_key_object were called (great testcase
122 by Eric Wilhelm).
123
1242.28 Thu Mar 11 20:30:46 CET 2010
125 - implement our own atof function - perl's can be orders of
126 magnitudes slower than even the system one. on the positive
127 side, ours seems to be more exact in general than perl's.
128 (testcase provided by Tim Meadowcroft).
129 - clarify floating point conversion issues a bit.
130 - update jpsykes csrf article url.
131 - updated benchmark section - JSON::PP became much faster!
132
1332.27 Thu Jan 7 07:35:08 CET 2010
134 - support relaxed option inside the incremental parser
135 (testcase provided by IKEGAMI via Makamaka).
136
1372.26 Sat Oct 10 03:26:19 CEST 2009
138 - big integers could become truncated (based on patch
139 by Strobl Anton).
140 - output format change: indent now adds a final newline, which is
141 more expected and more true to the documentation.
142
1432.25 Sat Aug 8 12:04:41 CEST 2009
144 - the perl debugger completely breaks lvalue subs - try to work
145 around the issue.
146 - ignore RMAGICAL hashes w.r.t. CANONICAL.
147 - try to work around a possible char signedness issue on aix.
148 - require common sense.
149
1502.24 Sat May 30 08:25:45 CEST 2009
151 - the incremental parser did not update its parse offset
152 pointer correctly when parsing utf8-strings (nicely
153 debugged by Martin Evans).
154 - appending a non-utf8-string to the incremental parser
155 in utf8 mode failed to upgrade the string.
156 - wording of parse error messages has been improved.
157
1582.232 Sun Feb 22 11:12:25 CET 2009
159 - use an exponential algorithm to extend strings, to
160 help platforms with bad or abysmal==windows memory
161 allocater performance, at the expense of some memory
162 wastage (use shrink to recover this extra memory).
163 (nicely analysed by Dmitry Karasik).
164
1652.2311 Thu Feb 19 02:12:54 CET 2009
166 - add a section "JSON and ECMAscript" to explain some
167 incompatibilities between the two (problem was noted by
168 various people).
169 - add t/20_faihu.t.
170
1712.231 Thu Nov 20 04:59:08 CET 2008
172 - work around 5.10.0 magic bugs where manipulating magic values
173 (such as $1) would permanently damage them as perl would
174 ignore the magicalness, by making a full copy of the string,
175 reported by Dmitry Karasik.
176 - work around spurious warnings under older perl 5.8's.
177
1782.23 Mon Sep 29 05:08:29 CEST 2008
179 - fix a compilation problem when perl is not using char * as, well,
180 char *.
181 - use PL_hexdigit in favour of rolling our own.
182
1832.2222 Sun Jul 20 18:49:00 CEST 2008
184 - same game again, broken 5.10 finds yet another assertion
185 failure, and the workaround causes additional runtime warnings.
186 Work around the next assertion AND the warning. 5.10 seriously
187 needs to adjust it's attitude against working code.
188
1892.222 Sat Jul 19 06:15:34 CEST 2008
190 - you work around one -DDEBUGGING assertion bug in perl 5.10
191 just to hit the next one. work around this one, too.
192
1932.22 Tue Jul 15 13:26:51 CEST 2008
194 - allow higher nesting levels in incremental parser.
195 - error out earlier in some cases in the incremental parser
196 (as suggested by Yuval Kogman).
197 - improve incr-parser test (Yuval Kogman).
198
1992.21 Tue Jun 3 08:43:23 CEST 2008
200 - (hopefully) work around a perl 5.10 bug with -DDEBUGGING.
201 - remove the experimental status of the incremental parser interface.
202 - move =encoding around again, to avoid bugs with search.cpan.org.
203 when can we finally have utf-8 in pod???
204 - add ->incr_reset method.
205
2062.2 Wed Apr 16 20:37:25 CEST 2008
207 - lifted the log2 rounding restriction of max_depth and max_size.
208 - make booleans mutable by creating a copy instead of handing out
209 the same scalar (reported by pasha sadri).
210 - added support for incremental json parsing (still EXPERIMENTAL).
211 - implemented and added a json_xs command line utility that can convert
212 from/to a number of serialisation formats - tell me if you need more.
213 - implement allow_unknown/get_allow_unknown methods.
214 - fixed documentation of max_depth w.r.t. higher and equal.
215 - moved down =encoding directive a bit, too much breaks if it's the first
216 pod directive :/.
217 - removed documentation section on other modules, it became somewhat
218 outdated and is nowadays mostly of historical interest.
219
2202.1 Wed Mar 19 23:23:18 CET 2008
221 - update documentation here and there: add a large section
222 about utf8/latin1/ascii flags, add a security consideration
223 and extend and clarify the JSON and YAML section.
224 - medium speed enhancements when encoding/decoding non-ascii chars.
225 - minor speedup in number encoding case.
226 - extend and clarify the section on incompatibilities
227 between YAML and JSON.
228 - switch to static inline from just inline when using gcc.
229 - add =encoding utf-8 to the manpage, now that perl 5.10 supports it.
230 - fix some issues with UV to JSON conversion of unknown impact.
231 - published the yahoo locals search result used in benchmarks as the
232 original url changes so comparison is impossible.
233
2342.01 Wed Dec 5 11:40:28 CET 2007
235 - INCOMPATIBLE API CHANGE: to_json and from_json have been
236 renamed to encode_json/decode_json for JSON.pm compatibility.
237 The old functions croak and might be replaced by JSON.pm
238 comaptible versions in some later release.
239
2402.0 Tue Dec 4 11:30:46 CET 2007
241 - this is supposed to be the first version of JSON::XS
242 compatible with version 2.0+ of the JSON module.
243 Using the JSON module as frontend to JSON::XS should be
244 as fast as using JSON::XS directly, so consider using it
245 instead.
246 - added get_* methods for all "simple" options.
247 - make JSON::XS subclassable.
248
2491.53 Tue Nov 13 23:58:33 CET 2007
250 - minor doc clarifications.
251 - fixed many doc typos (patch by Thomas L. Shinnick).
252
2531.52 Mon Oct 15 03:22:06 CEST 2007
254 - remove =encoding pod directive again, it confuses too many pod
255 parsers :/.
256
2571.51 Sat Oct 13 03:55:56 CEST 2007
258 - encode empty arrays/hashes in a compact way when pretty is enabled.
259 - apparently JSON::XS was used to find some bugs in the
260 JSON_checker testsuite, so add (the corrected) JSON_checker tests to
261 the testsuite.
262 - quite a bit of doc updates/extension.
263 - require 5.8.2, as this seems to be the first unicode-stable version.
264
2651.5 Tue Aug 28 04:05:38 CEST 2007
266 - add support for tied hashes, based on ideas and testcase by
267 Marcus Holland-Moritz.
268 - implemented relaxed parsing mode where some extensions are being
269 accepted. generation is still JSON-only.
270
2711.44 Wed Aug 22 01:02:44 CEST 2007
272 - very experimental process-emulation support, slowing everything down.
273 the horribly broken perl threads are still not supported - YMMV.
274
2751.43 Thu Jul 26 13:26:37 CEST 2007
276 - convert big json numbers exclusively consisting of digits to NV
277 only when there is no loss of precision, otherwise to string.
278
2791.42 Tue Jul 24 00:51:18 CEST 2007
280 - fix a crash caused by not handling missing array elements
281 (report and testcase by Jay Kuri).
282
2831.41 Tue Jul 10 18:21:44 CEST 2007
284 - fix compilation with NDEBUG (assert side-effect),
285 affects convert_blessed only.
286 - fix a bug in decode filters calling ENTER; SAVETMPS;
287 one time too often.
288 - catch a typical error in TO_JSON methods.
289 - antique-ised XS.xs again to work with outdated
290 C compilers (windows...).
291
2921.4 Mon Jul 2 10:06:30 CEST 2007
293 - add convert_blessed setting.
294 - encode did not catch all blessed objects, encoding their
295 contents in most cases. This has been fixed by introducing
296 the allow_blessed setting.
297 - added filter_json_object and filter_json_single_key_object
298 settings that specify a callback to be called when
299 all/specific json objects are encountered.
300 - assume that most object keys are simple ascii words and
301 optimise this case, penalising the general case. This can
302 speed up decoding by 30% in typical cases and gives
303 a smaller and faster perl hash.
304 - implemented simpleminded, optional resource size checking
305 in decode_json.
306 - remove objToJson/jsonToObj aliases, as the next version
307 of JSON will not have them either.
308 - bit the bullet and converted the very simple json object
309 into a more complex one.
310 - work around a bug where perl wrongly claims an integer
311 is not an integer.
312 - unbundle JSON::XS::Boolean into own pm file so Storable
313 and similar modules can resolve the overloading when thawing.
314
3151.3 Sun Jun 24 01:55:02 CEST 2007
316 - make JSON::XS::true and false special overloaded objects
317 and return those instead of 1 and 0 for those json atoms
318 (JSON::PP compatibility is NOT achieved yet).
319 - add JSON::XS::is_bool predicate to test for those special
320 values.
321 - add a reference to
322 http://jpsykes.com/47/practical-csrf-and-json-security.
323 - removed require 5.8.8 again, it is just not very expert-friendly.
324 Also try to be more compatible with slightly older versions,
325 which are not recommended (because they are buggy).
326
3271.24 Mon Jun 11 05:40:49 CEST 2007
328 - added informative section on JSON-as-YAML.
329 - get rid of some c99-isms again.
330 - localise dec->cur in decode_str, speeding up
331 string decoding considerably (>15% on my amd64 + gcc).
332 - increased SHORT_STRING_LEN to 16kb: stack space is
333 usually plenty, and this actually saves memory
334 when !shrinking as short strings will fit perfectly.
335
3361.23 Wed Jun 6 20:13:06 CEST 2007
337 - greatly improved small integer encoding and decoding speed.
338 - implement a number of µ-optimisations.
339 - updated benchmarks.
340
3411.22 Thu May 24 00:07:25 CEST 2007
342 - require 5.8.8 explicitly as older perls do not seem to offer
343 the required macros.
344 - possibly made it compile on so-called C compilers by microsoft.
345
3461.21 Wed May 9 18:40:32 CEST 2007
347 - character offset reported for trailing garbage was random.
348
3491.2 Wed May 9 18:35:01 CEST 2007
350 - decode did not work with magical scalars (doh!).
351 - added latin1 flag to produce JSON texts in the latin1 subset
352 of unicode.
353 - flag trailing garbage as error.
354 - new decode_prefix method that returns the number
355 of characters consumed by a decode.
356 - max octets/char in perls UTF-X is actually 13, not 11,
357 as pointed out by Glenn Linderman.
358 - fixed typoe reported by YAMASHINA Hio.
359
3601.11 Mon Apr 9 07:05:49 CEST 2007
361 - properly 0-terminate sv's returned by encode to help
362 C libraries that expect that 0 to be there.
363 - partially "port" JSON from C to microsofts fucking broken
364 pseudo-C. They should be burned to the ground for pissing
365 on standards. And I should be stoned for even trying to
366 support this filthy excuse for a c compiler.
367
3681.1 Wed Apr 4 01:45:00 CEST 2007
369 - clarify documentation (pointed out by Quinn Weaver).
370 - decode_utf8 sometimes did not correctly flag errors,
371 leading to segfaults.
372 - further reduced default nesting depth to 512 due to the test
373 failure by that anonymous "chris" whose e-mail address seems
374 to be impossible to get. Tests on other freebsd systems indicate
375 that this is likely a problem in his/her configuration and not this
376 module.
377 - renamed json => JSON in error messages.
378 - corrected the character offset in some error messages.
379
3801.01 Sat Mar 31 16:15:40 CEST 2007
381 - do not segfault when from_json/decode gets passed
382 a non-string object (reported by Florian Ragwitz).
383 This has no effect on normal operation.
384
3851.0 Thu Mar 29 04:43:34 CEST 2007
386 - the long awaited (by me) 1.0 version.
387 - add \0 (JSON::XS::false) and \1 (JSON::XS::true) mappings to JSON
388 true and false.
389 - add some more notes to shrink, as suggested by Alex Efros.
390 - improve testsuite.
391 - halve the default nesting depth limit, to hopefully make it
392 work on Freebsd (unfortunately, the cpan tester did not
393 send me his report, so I cannot ask about the stack limit on fbsd).
394
3950.8 Mon Mar 26 00:10:48 CEST 2007
396 - fix a memleak when decoding hashes.
397 - export jsonToBj and objToJson as aliases
398 to to_json and from_json, to reduce incompatibilities
399 between JSON/JSON::PC and JSON::XS. (experimental).
400 - implement a maximum nesting depth for both en- and de-coding.
401 - added a security considerations sections.
402
4030.7 Sun Mar 25 01:46:30 CET 2007
8 - code cleanup. 404 - code cleanup.
9 - fix a memory overflow bug when indenting. 405 - fix a memory overflow bug when indenting.
10 - pretty-printing now up to 15% faster. 406 - pretty-printing now up to 15% faster.
11 - improve decoding speed of strings by 407 - improve decoding speed of strings by
12 up to 50% by specialcasing short strings. 408 up to 50% by specialcasing short strings.
49 case the called functions do... stuff. 445 case the called functions do... stuff.
50 - croak when encoding to ascii and an out-of-range 446 - croak when encoding to ascii and an out-of-range
51 (non-unicode) codepoint is encountered. 447 (non-unicode) codepoint is encountered.
52 448
530.2 Fri Mar 23 00:23:34 CET 2007 4490.2 Fri Mar 23 00:23:34 CET 2007
54 - the "could not sleep without debuggign release". 450 - the "could not sleep without debugging release".
55 it should basically work now, with many bugs as 451 it should basically work now, with many bugs as
56 no production tests have been run yet. 452 no production tests have been run yet.
57 - added more testcases. 453 - added more testcases.
58 - the expected shitload of bugfixes. 454 - the expected shitload of bugfixes.
59 - handle utf8 flag correctly in decode. 455 - handle utf8 flag correctly in decode.

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines