jackson-databind | llvm-project |
---|---|
11 | 349 |
3,455 | 25,563 |
0.4% | 2.0% |
9.7 | 10.0 |
5 days ago | 7 days ago |
Java | C++ |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jackson-databind
-
The Bogus CVE Problem
Jackson had this problem a few months back, where someone reported a critical CVE against the project and broke builds all around the planet https://github.com/FasterXML/jackson-databind/issues/3972
Basically the programmer (not the attacker) had to write code where an object contained itself:
```java
HashMap map = new HashMap<>();
map.put("recursive", map);
```
After this, Jackson would indeed stack overflow if you asked it to wrap the object to JSON. Then again, half the built-in Java functions (e.g. getting an object hashcode for the map object) also fail for a recursive structure.
The issue remains open 3 months later, Mitre still thinks it's hella serious, and people have yet again learned to just ignore their CI warning about CVEs
-
Now it's PostgreSQL's turn to have a bogus CVE
jackson-databind maintainer responds to a similar occurrence a few weeks ago: https://github.com/FasterXML/jackson-databind/issues/3972#is...
- Disputed Jackson-databind CVE Causing Disruption
-
Serverless Speed: Rust vs. Go, Java, and Python in AWS Lambda Functions
As to Jackson itself see https://github.com/FasterXML/jackson-databind/issues/1970 for example on startup issues. There are others.
-
"Shaping JSON" in Jackson without creating an object
after reading https://github.com/FasterXML/jackson-databind/issues/2239 but setting JsonCreator and adding the JsonFormat didn't work.
-
Deserializing /Serializing immutable fields and the fields within the fields which are immutable and not changeable with Jackson
Jackson should support records out of the box https://github.com/FasterXML/jackson-databind/issues/2709
-
`int('1' * 4301)` will raise ValueError starting with Python 3.10.7
It's not like this vulnerability is something new. Similar issues have been public knowledge for at least four years and discussed widely. The fact that str to int and int to str conversions are slow for huge ints is hardly news.
- Omicron is a concern because it has the backing of a Bayesian model to predict the end of the year
-
How to write reflection for C++
In C#, Newtonsoft Json has similar functionality, and in Java — Jackson2 ObjectMapper.
- PUT method with a problem in a DATE field
llvm-project
-
Ask HN: Which books/resources to understand modern Assembler?
"Computer Architecture: A Quantitative Approach" and/or more specific design types (mips, arm, etc) can be found under the Morgan Kaufmann Series in Computer Architecture and Design.
"Getting Started with LLVM Core Libraries: Get to Grips With Llvm Essentials and Use the Core Libraries to Build Advanced Tools"
"The Architecture of Open Source Applications (Volume 1) : LLVM" https://aosabook.org/en/v1/llvm.html
"Tourist Guide to LLVM source code" : https://blog.regehr.org/archives/1453
llvm home page : https://llvm.org/
llvm tutorial : https://llvm.org/docs/tutorial/
llvm reference : https://llvm.org/docs/LangRef.html
learn by examples : C source code to 'llvm' bitcode : https://stackoverflow.com/questions/9148890/how-to-make-clan...
-
Flang-new: How to force arrays to be allocated on the heap?
See
https://github.com/llvm/llvm-project/issues/88344
https://fortran-lang.discourse.group/t/flang-new-how-to-forc...
- The LLVM Compiler Infrastructure
-
Programming from Top to Bottom - Parsing
You can never mistake type_declaration with an identifier, otherwise the program will not work. Aside from that constraint, you are free to name them whatever you like, there is no one standard, and each parser has its own naming conventions, unless you are planning to use something like LLVM. If you are interested, you can see examples of naming in different language parsers in the AST Explorer.
-
Look ma, I wrote a new JIT compiler for PostgreSQL
> There is one way to make the LLVM JIT compiler more usable, but I fear it’s going to take years to be implemented: being able to cache and reuse compiled queries.
Actually, it has been implemented in LLVM for years :) https://github.com/llvm/llvm-project/commit/a98546ebcd2a692e...
-
C++ Safety, in Context
> It's true, this was a CVE in Rust and not a CVE in C++, but only because C++ doesn't regard the issue as a problem at all. The problem definitely exists in C++, but it's not acknowledged as a problem, let alone fixed.
Can you find a link that substantiates your claim? You're throwing out some heavy accusations here that don't seem to match reality at all.
Case in point, this was fixed in both major C++ libraries:
https://github.com/gcc-mirror/gcc/commit/ebf6175464768983a2d...
https://github.com/llvm/llvm-project/commit/4f67a909902d8ab9...
So what C++ community refused to regard this as an issue and refused to fix it? Where is your supporting evidence for your claims?
-
Clang accepts MSVC arguments and targets Windows if its binary is named clang-cl
For everyone else looking for the magic in this almost 7k lines monster, look at line 6610 [1].
[1] https://github.com/llvm/llvm-project/blob/8ec28af8eaff5acd0d...
-
Rewrite the VP9 codec library in Rust
Through value tracking. It's actually LLVM that does this, GCC probably does it as well, so in theory explicit bounds checks in regular C code would also be removed by the compiler.
How it works exactly I don't know, and apparently it's so complex that it requires over 9000 lines of C++ to express:
https://github.com/llvm/llvm-project/blob/main/llvm/lib/Anal...
-
Fortran 2023
https://github.com/llvm/llvm-project/blob/main/flang/docs/F2...
-
MiniScript Ports
• Go • Rust • Lua • pure C (sans C++) • 6502 assembly • WebAssembly • compiler backends, like LLVM or Cranelift
What are some alternatives?
MapStruct - An annotation processor for generating type-safe bean mappers
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
simdjson - Parsing gigabytes of JSON per second : used by Facebook/Meta Velox, the Node.js runtime, ClickHouse, WatermelonDB, Apache Doris, Milvus, StarRocks
Lark - Lark is a parsing toolkit for Python, built with a focus on ergonomics, performance and modularity.
fastjson2 - 🚄 FASTJSON2 is a Java JSON library with excellent performance.
gcc
Hibernate - Hibernate's core Object/Relational Mapping functionality
SDL - Simple Directmedia Layer
record-builder - Record builder generator for Java records
cosmopolitan - build-once run-anywhere c library
infobip-spring-data-querydsl - Infobip Spring Data Querydsl provides new functionality that enables the user to leverage the full power of Querydsl API on top of Spring Data repository infrastructure.
windmill - Open-source developer platform to turn scripts into workflows and UIs. Fastest workflow engine (5x vs Airflow). Open-source alternative to Airplane and Retool.