jackson-databind
Caddy
jackson-databind | Caddy | |
---|---|---|
11 | 402 | |
3,455 | 53,718 | |
0.4% | 1.1% | |
9.7 | 9.5 | |
5 days ago | 7 days ago | |
Java | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jackson-databind
-
The Bogus CVE Problem
Jackson had this problem a few months back, where someone reported a critical CVE against the project and broke builds all around the planet https://github.com/FasterXML/jackson-databind/issues/3972
Basically the programmer (not the attacker) had to write code where an object contained itself
HashMap map=new HashMap<>();
map.put("recursive",map);
After this, Jackson would indeed stack overflow if you asked it to wrap the object to JSON. Then again, half the build-in Java functions (e.g. getting an object hashcode for the map object) also fail for a recursive structure.
The issue remains open 3 months later, Mitre still thinks it's hella serious, and people have yet again learned to just ignore their CI warning about CVEs
-
Now it's PostgreSQL's turn to have a bogus CVE
jackson-databind maintainer responds to a similar occurrence few weeks ago: https://github.com/FasterXML/jackson-databind/issues/3972#is...
- Disputed Jackson-databind CVE Causing Disruption
-
Serverless Speed: Rust vs. Go, Java, and Python in AWS Lambda Functions
As to Jackson itself see https://github.com/FasterXML/jackson-databind/issues/1970 for example on startup issues. There are others.
-
"Shaping JSON" in Jackson without creating an object
after reading https://github.com/FasterXML/jackson-databind/issues/2239 but setting JsonCreator and adding the JsonFormat didn't work.
-
Deserializing /Serializing immutable fields and the fields within the fields which are immutable and not changeable with Jackson
Jackson should support records out of the box https://github.com/FasterXML/jackson-databind/issues/2709
-
`int('1' * 4301)` will raise ValueError starting with Python 3.10.7
Its not like this vulnerability is something new. Similar issues have been public knowledge for at least four years and discussed widely. The fact that str to int and int to str conversions are slow for huge ints is hardly news.
- Ômicron preocupa por ter respaldo de um modelo Bayesiano para prever o final do ano
-
How to write reflection for C++
In C#, Newtonsoft Json has similar functionality, and in Java — Jackson2 ObjectMapper.
- Método put com problema em campo DATE
Caddy
-
Why Does Windows Use Backslash as Path Separator?
No, look at the associated unit test: https://github.com/caddyserver/caddy/blob/c6eb186064091c79f4...
If that test fails we could serve PHP source code instead of having it be evaluated, a major security flaw.
-
How to securely reverse-proxy ASP.NET Core web apps
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
-
HTTP/2 Continuation Flood: Technical Details
I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable: https://github.com/caddyserver/caddy/issues/6219#issuecommen....
-
Show HN: Nano-web, a low latency one binary webserver designed for serving SPAs
Caddy [1] is a single binary. It is not minimal, but the size difference is barely noticeable.
serve also comes to mind. If you have node installed, `npx serve .` does exactly that.
There are a few go projects that fit your description, none of them very popular, probably because they end up being a 20-line wrapper around http frameworks just like this one.
[1] https://caddyserver.com/
-
I Deployed My Own Cute Lil’ Private Internet (a.k.a. VPC)
Each app’s front end is built with Qwik and uses Tailwind for styling. The server-side is powered by Qwik City (Qwik’s official meta-framework) and runs on Node.js hosted on a shared Linode VPS. The apps also use PM2 for process management and Caddy as a reverse proxy and SSL provisioner. The data is stored in a PostgreSQL database that also runs on a shared Linode VPS. The apps interact with the database using Drizzle, an Object-Relational Mapper (ORM) for JavaScript. The entire infrastructure for both apps is managed with Terraform using the Terraform Linode provider, which was new to me, but made provisioning and destroying infrastructure really fast and easy (once I learned how it all worked).
-
Automatic SSL Solution for SaaS/MicroSaaS Applications with Caddy, Node.js and Docker
So I dug a little deeper and came across this gem: Caddy. Caddy is this fantastic, extensible, cross-platform, open-source web server that's written in Go. The best part? It comes with automatic HTTPS. It basically condenses all the work our scripts and manual maintenance were doing into just 4-5 lines of config. So, stick around and I'll walk you through how to set up an automatic SSL solution with Caddy, Docker and a Node.js server.
-
Cheapest ECS Fargate Service with HTTPS
Let's use Caddy which can act as reverse-proxy with automatic HTTPS coverage.
-
Bluesky announces data federation for self hosters
Even if it may be simple, it doesn't handle edge cases such as https://github.com/caddyserver/caddy/issues/1632
I personally would make the trade off of taking on more complexity so that I can have extra compatibility.
-
Freenginx.org
One of the most heavily used Russian software projects on the internet https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-n... but it's only marginally more modern than Apache httpd.
In light of recently announced nginx memory-safety vulnerabilities I'd suggest migrating to Caddy https://caddyserver.com/
- Asciinema 3.0 will be rewritten in Rust
What are some alternatives?
MapStruct - An annotation processor for generating type-safe bean mappers
traefik - The Cloud Native Application Proxy
simdjson - Parsing gigabytes of JSON per second : used by Facebook/Meta Velox, the Node.js runtime, ClickHouse, WatermelonDB, Apache Doris, Milvus, StarRocks
HAProxy - HAProxy documentation
fastjson2 - 🚄 FASTJSON2 is a Java JSON library with excellent performance.
envoy - Cloud-native high-performance edge/middle/service proxy
Hibernate - Hibernate's core Object/Relational Mapping functionality
Nginx - An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html
record-builder - Record builder generator for Java records
RoadRunner - 🤯 High-performance PHP application server, process manager written in Go and powered with plugins
infobip-spring-data-querydsl - Infobip Spring Data Querydsl provides new functionality that enables the user to leverage the full power of Querydsl API on top of Spring Data repository infrastructure.
Squid - Squid Web Proxy Cache