The aeson vulnerability has been fixed in aeson-2.0.1.0

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/haskell

Our great sponsors
  • SonarQube - Static code analysis for 29 languages.
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
  • github

    The github API for Haskell (by haskell-github)

    still works. In my experience so far, you only need to worry if you define your own combinators, e.g. like in https://github.com/phadej/github/commit/dd3dfbccaf4de4c3095b52fefb52c6b3c961a8f8

  • aeson

    A fast Haskell JSON library

    Ah, I see you are working on this already, thank you: https://github.com/haskell/aeson/pull/883

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • libjwt-typed

    A Haskell implementation of JSON Web Token (JWT)

    I benchmarked my jose library (using the benchmark suite from https://github.com/marcin-rzeznicki/libjwt-typed, which uses criterion); the JSON objects involved are small (< 8 members) and the performance difference is negligible - perhaps slightly faster (don't have to allocate a vector of hash buckets, most of which are unused). I haven't benchmarked performance with huge numbers of members but it's O(1) [amortised, degrading to O(n) for pathological inputs] -> O(log n), so I would expect a small performance decrease for objects with >> 8 members.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts