The aeson vulnerability has been fixed in aeson-2.0.1.0

This page summarizes the projects mentioned and recommended in the original post on /r/haskell

Our great sponsors
  • Onboard AI - Learn any GitHub repo in 59 seconds
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • SaaSHub - Software Alternatives and Reviews
  • github

    The github API for Haskell (by haskell-github)

    still works. In my experience so far, you only need to worry if you define your own combinators, e.g. like in https://github.com/phadej/github/commit/dd3dfbccaf4de4c3095b52fefb52c6b3c961a8f8

  • aeson

    A fast Haskell JSON library

    Ah, I see you are working on this already, thank you: https://github.com/haskell/aeson/pull/883

  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.

  • libjwt-typed

    A Haskell implementation of JSON Web Token (JWT)

    I benchmarked my jose library (using the benchmark suite from https://github.com/marcin-rzeznicki/libjwt-typed, which uses criterion); the JSON objects involved are small (< 8 members) and the performance difference is negligible - perhaps slightly faster (don't have to allocate a vector of hash buckets, most of which are unused). I haven't benchmarked performance with huge numbers of members but it's O(1) [amortised, degrading to O(n) for pathological inputs] -> O(log n), so I would expect a small performance decrease for objects with >> 8 members.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts