Skip to content

JSON for Modern C++ Version 2.0.10
Compare
Choose a tag to compare
@nlohmann nlohmann released this 02 Jan 15:39
· 3252 commits to develop since this release
v2.0.10
9755cc7
  • Release date: 2017-01-02
  • SHA-256: ec27d4e74e9ce0f78066389a70724afd07f10761009322dc020656704ad5296d

Summary

This release fixes several security-relevant bugs in the MessagePack and CBOR parsers. The fixes are backwards compatible.

Changes

  • πŸ› Fixed a lot of bugs in the CBOR and MesssagePack parsers. These bugs occurred if invalid input was parsed and then could lead in buffer overflows. These bugs were found with Google's OSS-Fuzz, see #405, #407, #408, #409, #411, and #412 for more information.
  • πŸ‘· We now also use the Doozer continuous integration platform.
  • πŸ‘· The complete test suite is now also run with Clang's address sanitizer and undefined-behavior sanitizer.
  • βœ… Overworked fuzz testing; CBOR and MessagePack implementations are now fuzz-tested. Furthermore, all fuzz tests now include a round trip which ensures created output can again be properly parsed and yields the same JSON value.
  • πŸ“ Clarified documentation of find() function to always return end() when called on non-object value types.
  • πŸ”¨ Moved thirdparty test code to test/thirdparty directory.
Assets 4
Loading