[Feature Request]: Support Jackson 2.15 #26743

Closed
1 of 15 tasks
Abacn opened this issue May 17, 2023 · 12 comments · Fixed by #31473

Comments

@Abacn
Contributor

Abacn commented May 17, 2023

What would you like to happen?

Known breaking change

causing

com.fasterxml.jackson.core.exc.StreamConstraintsException: String length (5046272) exceeds the maximum length (5000000)
at com.fasterxml.jackson.core.StreamReadConstraints.validateStringLength(StreamReadConstraints.java:290)
at com.fasterxml.jackson.core.util.ReadConstrainedTextBuffer.validateStringLength(ReadConstrainedTextBuffer.java:27)
at com.fasterxml.jackson.core.util.TextBuffer.finishCurrentSegment(TextBuffer.java:931)

Issue Priority

Priority: 2 (default / most feature requests should be filed as P2)

Issue Components

  • Component: Python SDK
  • Component: Java SDK
  • Component: Go SDK
  • Component: Typescript SDK
  • Component: IO connector
  • Component: Beam examples
  • Component: Beam playground
  • Component: Beam katas
  • Component: Website
  • Component: Spark Runner
  • Component: Flink Runner
  • Component: Samza Runner
  • Component: Twister2 Runner
  • Component: Hazelcast Jet Runner
  • Component: Google Cloud Dataflow Runner
@masahitojp
Contributor

In jackson-databind, I have found that the following changes are made for the same event.
https://github.com/search?q=repo%3AFasterXML%2Fjackson-databind+maxStringLength&type=code

In apache/beam, com.fasterxml.jackson.core.JsonFactory is used in the following.

https://github.com/search?q=repo%3Aapache%2Fbeam+com.fasterxml.jackson.core.JsonFactory&type=code

@masahitojp
Contributor

masahitojp commented May 20, 2023

In v2.15.1, the default string length was changed from 5M to 20M. If you use jackson version 2.15 or later, it would be better to upgrade to 2.15.1. :-)
FasterXML/jackson-core#1020

@Abacn
Contributor Author

Abacn commented May 22, 2023

@masahitojp Thanks for the information. IIUC, does this mean the breaking change of 2.15.0 is (partly) fixed in 2.15.1?

I also checked the stack trace: the Jackson parser is handled by the google-api-client-jackson2 dependency (not directly by Beam). It may require an update from this dependency to support Jackson 2.15.
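
Added example, not part of the thread and not Beam's or Jackson's own code: the string-length limit behind the `StreamConstraintsException` quoted in the issue, set explicitly on a `JsonFactory` with jackson-databind 2.15 or later on the classpath. The class name, method names and payload are constructed for illustration, and the setting only governs parsers created from this factory, not parsers built inside a dependency.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;

// Hypothetical demo class; requires Jackson 2.15+ (StreamReadConstraints does not exist in 2.14).
public class StringLimitDemo {

  /** Builds a mapper whose parsers reject any single JSON string longer than maxChars. */
  static ObjectMapper mapperWithLimit(int maxChars) {
    StreamReadConstraints constraints =
        StreamReadConstraints.builder().maxStringLength(maxChars).build();
    JsonFactory factory = JsonFactory.builder().streamReadConstraints(constraints).build();
    return new ObjectMapper(factory);
  }

  /** Returns the length of the parsed "payload" value, or -1 if the constraint rejected it. */
  static int parsedLength(ObjectMapper mapper, String json) throws Exception {
    try {
      JsonNode node = mapper.readTree(json);
      return node.get("payload").asText().length();
    } catch (StreamConstraintsException e) {
      // Same exception type as in the issue's stack trace.
      System.out.println("rejected: " + e.getMessage());
      return -1;
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: one string value of 5046272 chars, the length reported in the issue.
    char[] chars = new char[5_046_272];
    Arrays.fill(chars, 'a');
    String json = "{\"payload\":\"" + new String(chars) + "\"}";

    // 5000000 is the limit shown in the issue's exception message (Jackson 2.15.0).
    System.out.println(parsedLength(mapperWithLimit(5_000_000), json));
    // 20000000 matches the 20M default mentioned in the thread for 2.15.1.
    System.out.println(parsedLength(mapperWithLimit(20_000_000), json));
  }
}
```

Size the limit to the largest string the pipeline legitimately handles; the constraint bounds the memory a single untrusted document can force the parser to allocate.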

@Abacn
Contributor Author

Abacn commented Jul 21, 2023

As of July 2023, the latest version of google-http-client-jackson2 still uses jackson 2.14.2: https://mvnrepository.com/artifact/com.google.http-client/google-http-client-jackson2/1.43.3

@chamikaramj
Contributor

chamikaramj commented May 22, 2024

Noting that Jackson 2.14.1 has a conflict with SnakeYaml 2.0: spring-projects/spring-boot#34405

SnakeYaml 1.x has a known vulnerability (https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33), so we need to upgrade Jackson to properly resolve this conflict.

Also, Beam Java core recently added a hard dependency to SnakeYaml 2.0:

implementation "org.yaml:snakeyaml:2.0"

@chamikaramj
Contributor

cc: @ahmedabu98 since we added the SnakeYaml 2.0 dependency in #30808.

@chamikaramj
Contributor

@Abacn @kennknowles should we consider making this a release blocker?

@kennknowles
Member

Yes, that could make sense if we currently have a dep conflict that will block important uses. What is the resolution proposal?

@chamikaramj chamikaramj added this to the 2.57.0 Release milestone Jun 1, 2024
@chamikaramj
Contributor

chamikaramj commented Jun 1, 2024

So we can either downgrade SnakeYAML to 1.33 or upgrade Jackson to 2.15. SnakeYAML 1.33 has a known vulnerability so upgrading Jackson is probably preferable. I'm not sure if we'll run into other conflicts due to other dependencies transitively depending on Jackson 2.14 though.

Assigning to @Abacn to comment on the feasibility / best approach on resolving this conflict.

@chamikaramj chamikaramj added P1 and removed P2 labels Jun 1, 2024
@chamikaramj
Contributor

cc: @liferoad

@Abacn
Contributor Author

Abacn commented Jun 1, 2024

There is indeed a transient dependency on snakeyaml 1.x, for cassandra-all 3.x used in the hadoop-format test. See CASSANDRA-19653

@Abacn
Contributor Author

Abacn commented Jun 5, 2024

For those who upgraded to Jackson 2.15 and see the problem in the issue description, spring-projects/spring-boot#34709 (comment) may be a solution (going to try to reproduce on my own)
