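【Background】 When JSON conversion fails, the fastjson jar includes the fastjson version number in the exception it raises. Because validation exceptions for some transactions are returned directly to the page, our project team was flagged with a version-number disclosure security issue.
【Steps to reproduce】
String payload = "{\"@type\":\"java.lang.AutoCloseable\"";
JSON.parseObject(payload);
【Code location】 The relevant code is here:
javaBeanDeserializer.java#L504:
buf.append(", fastjson-version ").append(JSON.VERSION);
【Result】
Exception in thread "main" com.alibaba.fastjson.JSONException: syntax error, expect {, actual EOF, pos 0, fastjson-version 1.2.76
【Expected】 Could the community define exception codes or a similar channel for reporting exceptions, rather than exposing the fastjson version number directly?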
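An added example, not part of the original issue or of fastjson's code: one way an application can keep the version string off the page is to catch `JSONException` at its input boundary, log the full message server-side, and surface only a fixed code. `SafeJsonParser`, `ClientSafeException` and the `INVALID_JSON` code are hypothetical names, and fastjson 1.x on the classpath is assumed.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.JSONObject;

import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical boundary helper: parse untrusted JSON without echoing library details. */
public final class SafeJsonParser {
    private static final Logger LOG = Logger.getLogger(SafeJsonParser.class.getName());

    /** Exception that is safe to render: it carries only a fixed code and a correlation id. */
    public static final class ClientSafeException extends RuntimeException {
        public final String code;
        public final String correlationId;

        ClientSafeException(String code, String correlationId) {
            // No cause and no library message are attached, so an error page that
            // prints getMessage() or walks the cause chain has nothing to leak.
            super(code + " (ref " + correlationId + ")");
            this.code = code;
            this.correlationId = correlationId;
        }
    }

    public static JSONObject parse(String untrusted) {
        try {
            return JSON.parseObject(untrusted);
        } catch (JSONException e) {
            String ref = UUID.randomUUID().toString();
            // Full detail, including ", fastjson-version ...", stays in server logs.
            LOG.log(Level.WARNING, "JSON parse failure ref=" + ref, e);
            throw new ClientSafeException("INVALID_JSON", ref);
        }
    }

    public static void main(String[] args) {
        // Payload from the issue above.
        String payload = "{\"@type\":\"java.lang.AutoCloseable\"";
        try {
            parse(payload);
        } catch (ClientSafeException e) {
            System.out.println(e.getMessage()); // fixed code plus correlation id only
        }
    }
}
```

The correlation id lets support staff find the logged stack trace without the client ever seeing the library message.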