File _patchinfo of Package patchinfo.23702
<patchinfo incident="23702">
<issue tracker="bnc" id="1197132">VUL-0: CVE-2020-36518: jackson-databind: StackOverflow exception via a large depth of nested objects</issue>
<issue tracker="bnc" id="1177616">VUL-0: CVE-2020-25649: jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)</issue>
<issue tracker="bnc" id="1182481">VUL-0: CVE-2020-28491: jackson-dataformats-binary: allocation of byte buffer can cause `java.lang.OutOfMemoryError` exception</issue>
<issue tracker="cve" id="2020-36518"/>
<issue tracker="cve" id="2020-25649"/>
<issue tracker="cve" id="2020-28491"/>
<packager>fstrba</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core</summary>
<description>This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:
Security issues fixed:
- CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)
- CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)
- CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)
Non security fixes:
jackson-annotations - update from version 2.10.2 to version 2.13.0:
+ Build with source/target levels 8
+ Add 'mvnw' wrapper
+ 'JsonSubType.Type' should accept array of names
+ Jackson version alignment with Gradle 6
+ Add '@JsonIncludeProperties'
+ Add '@JsonTypeInfo(use=DEDUCTION)'
+ Ability to use '@JsonAnyGetter' on fields
+ Add '@JsonKey' annotation
+ Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping
+ Add 'namespace' property for '@JsonProperty' (for XML module)
+ Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue'
+ 'JsonPattern.Value.pattern' retained as "", never (accidentally) exposed as 'null'
+ Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven
jackson-bom - update from version 2.10.2 to version 2.13.0:
+ Configure moditect plugin with '<jvmVersion>11</jvmVersion>'
+ jackson-bom manages the version of 'junit:junit'
+ Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes)
+ Removed "jakarta" classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts
(Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)
+ Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2)
+ Add (beta) version for 'jackson-dataformat-toml'
+ Jakarta 9 artifact versions are missing from jackson-bom
+ Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata)
+ Add default settings for 'build-helper-maven-plugin'
+ Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later)
+ Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+
+ Add missing version for jackson-datatype-eclipse-collections
jackson-core - update from version 2.10.2 to version 2.13.0:
+ Build with source and target levels 8
+ Misleading exception for input source when processing byte buffer with start offset
+ Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()'
+ Add 'StreamWriteException' type to eventually replace 'JsonGenerationException'
+ Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in
'JsonParser'
+ Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()'
+ Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in
'JsonParser'/'JsonGenerator
+ Introduce O(n^1.5) BigDecimal parser implementation
+ ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null
+ UTF32Reader ArrayIndexOutOfBoundsException
+ Improve exception/JsonLocation handling for binary content: don't show content, include byte offset
+ Fix an issue with the TokenFilter unable to ignore properties when deserializing.
+ Optimize array allocation by 'JsonStringEncoder'
+ Add 'mvnw' wrapper
+ (partial) Optimize array allocation by 'JsonStringEncoder'
+ Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers'
(like 'getJsonStringEncoder()')
+ 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)'
+ Allow "optional-padding" for 'Base64Variant'
+ More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion')
+ Publish Gradle Module Metadata
+ Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.isExpectedNumberIntToken()' convenience method
+ Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering
+ Limit initial allocated block size by 'ByteArrayBuilder' to max block size
+ Add 'JacksonException' as parent class of 'JsonProcessingException'
+ Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public
+ Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead)
+ Full "LICENSE" included in jar for easier access by compliancy tools
+ Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator'
+ Add a String Array write method in the Streaming API
+ Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber'
+ Add JsonGenerator#writeNumber(char[], int, int) method
+ Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ Optionally allow leading decimal in float tokens
+ Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven
+ Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens
+ Handle case when system property access is restricted
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ DataFormatMatcher#getMatchedFormatName throws NPE when no match exists
+ 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads
jackson-databind - update from version 2.10.5.1 to version 2.13.0:
+ '@JsonValue' with integer for enum does not deserialize correctly
+ 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message
+ Add 'DatabindException' as intermediate subtype of 'JsonMappingException'
+ Jackson does not support deserializing new Java 9 unmodifiable collections
+ Allocate TokenBuffer instance via context objects (to
allow format-specific buffer types)
+ Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper'
+ Add 'DeserializationContext.readTreeAsValue()' methods
for more convenient conversions for deserializers to use
+ Clean up support of typed "unmodifiable", "singleton"
Maps/Sets/Collections
+ Extend internal bitfield of 'MapperFeature' to be
'long'
+ Add 'removeMixIn()' method in 'MapperBuilder'
+ Backport 'MapperBuilder' lambda-taking methods:
'withConfigOverride()', 'withCoercionConfig()',
'withCoercionConfigDefaults()'
+ configOverrides(boolean.class) silently ignored,
whereas .configOverride(Boolean.class) works for both
primitives and boxed boolean values
+ Dont track unknown props in buffer if
'ignoreAllUnknown' is true
+ Should allow deserialization of java.time types via
opaque 'JsonToken.VALUE_EMBEDDED_OBJECT'
+ Optimize "AnnotatedConstructor.call()" case by passing
explicit null
+ Add AnnotationIntrospector.XmlExtensions interface for
decoupling javax dependencies
+ Custom SimpleModule not included in list returned by
ObjectMapper.getRegisteredModuleIds() after registration
+ Use more limiting default visibility settings for JDK
types (java.*, javax.*)
+ Deep merge for 'JsonNode' using 'ObjectReader.readTree()'
+ IllegalArgumentException: Conflicting setter
definitions for property with more than 2 setters
+ Serializing java.lang.Thread fails on JDK 11 and above
+ String-based 'Map' key deserializer is not
deterministic when there is no single arg constructor
+ Add ArrayNode#set(int index, primitive_type value)
+ JsonStreamContext "currentValue" wrongly references to
'@JsonTypeInfo' annotated object
+ DOM 'Node' serialization omits the default namespace
declaration
+ Support 'suppressed' property when deserializing 'Throwable'
+ 'AnnotatedMember.equals()' does not work reliably
+ Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module
+ For an absent property Jackson injects 'NullNode'
instead of 'null' to a JsonNode-typed constructor argument of
a '@ConstructorProperties'-annotated constructor
+ 'XMLGregorianCalendar' doesn't work with default typing
+ Content 'null' handling not working for root values
+ StdDeserializer rejects blank (all-whitespace) strings
for ints
+ 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with
'DefaultTypeResolverBuilder'
+ Add PropertyNamingStrategies.UpperSnakeCaseStrategy
(and UPPER_SNAKE_CASE constant)
+ StackOverflowError when serializing JsonProcessingException
+ Support for BCP 47 'java.util.Locale' serialization/deserialization
+ String property deserializes null as "null" for
JsonTypeInfo.As.EXISTING_PROPERTY
+ Can not deserialize json to enum value with
Object-/Array-valued input, '@JsonCreator'
+ Fix to avoid problem with 'BigDecimalNode', scale of
'Integer.MIN_VALUE'
+ Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover
coercion from (Empty) String via 'AsNull'
+ Add 'mvnw' wrapper
+ (regression) Factory method generic type resolution
does not use Class-bound type parameter
+ Deserialization of "empty" subtype with DEDUCTION failed
+ Merge findInjectableValues() results in
AnnotationIntrospectorPair
+ READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't
work with empty strings
+ 'TypeFactory' cannot convert 'Collection' sub-type
without type parameters to canonical form and back
+ Fix for [modules-java8#207]: prevent fail on secondary Java 8
date/time types
+ EXTERNAL_PROPERTY does not work well with '@JsonCreator'
and 'FAIL_ON_UNKNOWN_PROPERTIES'
+ String property deserializes null as "null" for
'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Property ignorals cause 'BeanDeserializer 'to forget
how to read from arrays (not copying
'_arrayDelegateDeserializer')
+ UntypedObjectDeserializer' mixes multiple unwrapped
collections (related to #2733)
+ Two cases of incorrect error reporting about
DeserializationFeature
+ Bug in polymorphic deserialization with '@JsonCreator',
'@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Polymorphic subtype deduction ignores 'defaultImpl'
attribute
+ MismatchedInputException: Cannot deserialize instance
of 'com.fasterxml.jackson.databind.node.ObjectNode' out of
VALUE_NULL token
+ Missing override for 'hasAsKey()' in
'AnnotationIntrospectorPair'
+ Creator lookup fails with 'InvalidDefinitionException'
for conflict between single-double/single-Double arg constructor
+ 'MapDeserializer' forcing 'JsonMappingException'
wrapping even if WRAP_EXCEPTIONS set to false
+ Auto-detection of constructor-based creator method
skipped if there is an annotated factory-based creator method
(regression from 2.11)
+ 'ObjectMapper.treeToValue()' no longer invokes
'JsonDeserializer.getNullValue()'
+ DeserializationProblemHandler is not invoked when
trying to deserialize String
+ Fix failing 'double' JsonCreators in jackson 2.12.0
+ Conflicting in POJOPropertiesCollector when having
namingStrategy
+ Breaking API change in 'BasicClassIntrospector' (2.12.0)
+ 'JsonNode.requiredAt()' does NOT fail on some path expressions
+ Exception thrown when 'Collections.synchronizedList()'
is serialized with type info, deserialized
+ Add option to resolve type from multiple existing
properties, '@JsonTypeInfo(use=DEDUCTION)'
+ '@JsonIgnoreProperties' does not prevent Exception
Conflicting getter/setter definitions for property
+ Deserialization Not Working Right with Generic Types and
Builders
+ Add '@JsonIncludeProperties(propertyNames)' (reverse of
'@JsonIgnoreProperties')
+ '@JsonAnyGetter' should be allowed on a field
+ Allow handling of single-arg constructor as property
based by default
+ Allow case insensitive deserialization of String value
into 'boolean'/'Boolean' (esp for Excel)
+ Allow use of '@JsonFormat(with=JsonFormat.Feature
.ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class
+ Abstract class included as part of known type ids for
error message when using JsonSubTypes
+ Distinguish null from empty string for UUID
deserialization
+ 'ReferenceType' does not expose valid containedType
+ Add 'CoercionConfig[s]' mechanism for configuring
allowed coercions
+ 'JsonProperty.Access.READ_ONLY' does not work with
"getter-as-setter" 'Collection's
+ Support 'BigInteger' and 'BigDecimal' creators in
'StdValueInstantiator'
+ 'JsonProperty.Access.READ_ONLY' fails with collections
when a property name is specified
+ 'BigDecimal' precision not retained for polymorphic
deserialization
+ Support use of 'Void' valued properties
('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES')
+ Explicitly fail (de)serialization of 'java.time.*'
types in absence of registered custom (de)serializers
+ Improve description included in by
'DeserializationContext.handleUnexpectedToken()'
+ Support for JDK 14 record types ('java.lang.Record')
+ 'PropertyNamingStrategy' class initialization depends
on its subclass, this can lead to class loading deadlock
+ 'FAIL_ON_IGNORED_PROPERTIES' does not throw on
'READONLY' properties with an explicit name
+ Add Gradle Module Metadata for version alignment with
Gradle 6
+ Allow 'JsonNode' auto-convert into 'ArrayNode' if
duplicates found (for XML)
+ Allow values of "untyped" auto-convert into 'List' if
duplicates found (for XML)
+ Add 'ValueInstantiator.createContextual(...)
+ Support multiple names in 'JsonSubType.Type'
+ Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic
deserialization of Enums
+ Explicitly fail (de)serialization of 'org.joda.time.*'
types in absence of registered custom (de)serializers
+ Trailing zeros are stripped when deserializing
BigDecimal values inside a @JsonUnwrapped property
+ Extract getter/setter/field name mangling from
'BeanUtil' into pluggable 'AccessorNamingStrategy'
+ Throw 'InvalidFormatException' instead of
'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion
failures
+ Add '@JsonKey' annotation (similar to '@JsonValue') for
customizable serialization of Map keys
+ 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should
work for enum as keys
+ Add support for disabling special handling of "Creator
properties" wrt alphabetic property ordering
+ Add 'JsonNode.canConvertToExactIntegral()' to indicate
whether floating-point/BigDecimal values could be converted to
integers losslessly
+ Improve static factory method generic type resolution
logic
+ Allow preventing "Enum from integer" coercion using new
'CoercionConfig' system
+ '@JsonValue' not considered when evaluating inclusion
+ Make some java platform modules optional
+ Add support for serializing 'java.sql.Blob'
+ 'AnnotatedCreatorCollector' should avoid processing
synthetic static (factory) methods
+ Add errorprone static analysis profile to detect bugs at build time
+ Problem with implicit creator name detection for constructor detection
+ Add 'BeanDeserializerBase.isCaseInsensitive()'
+ Refactoring of 'CollectionDeserializer' to solve CSV array handling issues
+ Full "LICENSE" included in jar for easier access by compliancy tools
+ Fix type resolution for static methods (regression in 2.11.3)
+ '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo',
'PropertyGenerator'
+ Add debug improvements about 'ClassUtil.getClassMethods()'
+ Cannot detect creator arguments of mixins for JDK types
+ Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer')
+ Json serialization fails or a specific case that
contains generics and static methods with generic parameters
(2.11.1 -> 2.11.2 regression)
+ 'ObjectMapper.activateDefaultTypingAsProperty()' is not
using parameter 'PolymorphicTypeValidator'
+ Problem deserialization "raw generic" fields
(like 'Map') in 2.11.2
+ Fix issues with 'MapLikeType.isTrueMapType()',
'CollectionLikeType.isTrueCollectionType()'
+ Parser/Generator features not set when using
'ObjectMapper.createParser()', 'createGenerator()'
+ Polymorphic subtypes not registering on copied
ObjectMapper (2.11.1)
+ Failure to read AnnotatedField value in Jackson 2.11
+ 'TypeFactory.constructType()' does not take
'TypeBindings' correctly
+ Builder Deserialization with JsonCreator Value vs Array
+ JsonCreator on static method in Enum and Enum used as
key in map fails randomly
+ 'StdSubtypeResolver' is not thread safe (possibly due
to copy not being made with 'ObjectMapper.copy()')
+ "Conflicting setter definitions for property" exception
for 'Map' subtype during deserialization
+ Fail to deserialize local Records
+ Rearranging of props when property-based generator is
in use leads to incorrect output
+ Jackson doesn't respect
'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer
properties
+ 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS'
don't support 'Map' type field
+ JsonParser from MismatchedInputException cannot
getText() for floating-point value
+ i-I case conversion problem in Turkish locale with
case-insensitive deserialization
+ '@JsonInject' fails on trying to find deserializer even
if inject-only
+ Polymorphic deserialization should handle
case-insensitive Type Id property name if
'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled
+ TreeTraversingParser and UTF8StreamJsonParser create
contexts differently
+ Support use of '@JsonAlias' for enum values
+ 'declaringClass' of "enum-as-POJO" not removed for
'ObjectMapper' with a naming strategy
+ Fix 'JavaType.isEnumType()' to support sub-classes
+ BeanDeserializerBuilder Protected Factory Method for Extension
+ Support '@JsonSerialize(keyUsing)' and
'@JsonDeserialize(keyUsing)' on Key class
+ Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL'
+ 'ObjectMapper.registerSubtypes(NamedType...)' doesn't
allow registering same POJO for two different type ids
+ 'DeserializationContext.handleMissingInstantiator()'
throws 'MismatchedInputException' for non-static inner classes
+ Incorrect 'JsonStreamContext' for 'TokenBuffer' and
'TreeTraversingParser'
+ Add 'AnnotationIntrospector.findRenameByField()' to
support Kotlin's "is-getter" naming convention
+ Use '@JsonProperty(index)' for sorting properties on
serialization
+ Java 8 'Optional' not working with '@JsonUnwrapped' on
unwrappable type
+ Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES'
to allow blocking use of unsafe base type for polymorphic
deserialization
+ 'ObjectMapper.setSerializationInclusion()' is ignored
for 'JsonAnyGetter'
+ 'ValueInstantiationException' when deserializing using
a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS'
+ JsonIgnoreProperties(ignoreUnknown = true) does not
work on field and method level
+ Failure to resolve generic type parameters on
serialization
+ JsonParser cannot getText() for input stream on
MismatchedInputException
+ ObjectReader readValue lacks Class<T> argument
+ Change default textual serialization of
'java.util.Date'/'Calendar' to include colon in timezone
offset
+ Add 'ObjectMapper.createParser()' and 'createGenerator()' methods
+ Allow serialization of 'Properties' with non-String values
+ Add new factory method for creating custom 'EnumValues'
to pass to 'EnumDeserializer
+ 'IllegalArgumentException' thrown for mismatched
subclass deserialization
+ Add convenience methods for creating 'List', 'Map'
valued 'ObjectReader's (ObjectMapper.readerForListOf())
+ 'SerializerProvider.findContentValueSerializer()' methods
jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:
+ (cbor) Should validate UTF-8 multi-byte validity for short decode path too
+ (ion) Deprecate 'CloseSafeUTF8Writer', remove use
+ (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient
handling of broken Unicode surrogate pairs on writing
+ (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule'
for native ser/deser
+ Support base64 strings in 'getBinaryValue()' for CBOR and Smile
+ (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (avro) Generate logicalType switch
+ (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (ion) 'jackson-dataformat-ion' does not handle
null.struct deserialization correctly
+ 'Ion-java' dep 1.4.0 -> 1.8.0
+ Minor change to Ion module registration names (fully-qualified)
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)
+ (smile) Uncaught validation problem wrt Smile "BigDecimal" type
+ (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads
+ (cbor) CBORParser need to validate zero-length byte[] for BigInteger
+ (smile) Handle invalid chunked-binary-format length gracefully
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)
+ (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()
+ (smile) Handle sequence of Smile header markers without recursion
+ (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary)
+ (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids
when upgrading from 2.8
+ (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String
+ (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array)
+ (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer'
+ (ion) Add support for generating IonSexps
+ (ion) Add support for deserializing IonTimestamps and IonBlobs
+ (ion) Add 'IonObjectMapper.builderForBinaryWriters()' /
'.builderforTextualWriters()' convenience methods
+ (ion) Enabling pretty-printing fails Ion serialization
+ (ion) Allow disabling native type ids in IonMapper
+ (smile) Small bug in byte-alignment for long field names
in Smile, symbol table reuse
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (ion) Optimize 'IonParser.getNumberType()' using
'IonReader.getIntegerSize()'
+ (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING'
for lenient handling of Unicode surrogate pairs on writing
+ (cbor) Add support for decoding unassigned "simple
values" (type 7)
+ Add Gradle Module Metadata
(https://blog.gradle.org/alignment-with-gradle-module-metadata)
+ (avro) Cache record names to avoid hitting class loader
+ (avro) Avro null deserialization
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to
support binary writes, fix 'java.util.UUID' representation
+ (ion) Allow 'IonObjectMapper' with class name annotation
introspector to deserialize generic subtypes
+ Remove dependencies upon Jackson 1.X and Avro's
JacksonUtils
+ 'jackson-databind' should not be full dependency for
(cbor, protobuf, smile) modules
+ 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not
write most compact form for all integers
+ 'AvroGenerator' overrides 'getOutputContext()' properly
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Fix schema evolution involving maps of non-scalar
+ (protobuf) Parsing a protobuf message doesn't properly skip unknown fields
+ (ion) IonObjectMapper close()s the provided IonWriter unnecessarily
+ ion-java dependency 1.4.0 -> 1.5.1
</description>
</patchinfo>
