The aeson vulnerability has been fixed in aeson-2.0.1.0

This page summarizes the projects mentioned and recommended in the original post on /r/haskell
Web API Aeson Github

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • github

    The github API for Haskell (by haskell-github)

    • still works. In my experience so far, you only need to worry if you define your own combinators, e.g. like in https://github.com/phadej/github/commit/dd3dfbccaf4de4c3095b52fefb52c6b3c961a8f8

  • aeson

    A fast Haskell JSON library

    • Ah, I see you are working on this already, thank you: https://github.com/haskell/aeson/pull/883

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • libjwt-typed

    A Haskell implementation of JSON Web Token (JWT)

    • I benchmarked my jose library (using the benchmark suite from https://github.com/marcin-rzeznicki/libjwt-typed, which uses criterion); the JSON objects involved are small (< 8 members) and the performance difference is negligible - perhaps slightly faster (don't have to allocate a vector of hash buckets, most of which are unused). I haven't benchmarked performance with huge numbers of members but it's O(1) [amortised, degrading to O(n) for pathological inputs] -> O(log n), so I would expect a small performance decrease for objects with >> 8 members.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts