New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
limit yaml/json decode size #83261
limit yaml/json decode size #83261
Conversation
9e7ab73
to
29a406a
Compare
/cc @cjcullen |
29a406a
to
95c762c
Compare
b1a0410
to
06e0e8b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I stopped when I got confused with how the overhead consts are determined. I'll continue on Monday.
0dbd6c2
to
1f5b26e
Compare
/hold |
/hold cancel added integration tests against normal and custom resources exercising create and all the patch flows, just above and below the accepted size limit |
/lgtm |
/retest |
…1-upstream-release-1.14 [1.14] Automated cherry pick of #83261: bump gopkg.in/yaml.v2 v2.2.4
…1-upstream-release-1.16 [1.16] Automated cherry pick of #83261: bump gopkg.in/yaml.v2 v2.2.4
…1-upstream-release-1.13-1570075716 [1.13] Automated cherry pick of #83261: bump gopkg.in/yaml.v2 v2.2.4
…1-upstream-release-1.15 [1.15] Automated cherry pick of #83261: bump gopkg.in/yaml.v2 v2.2.4
limit yaml/json decode size Kubernetes-commit: 4afcba4
What type of PR is this?
/kind bug
What this PR does / why we need it:
Fixes resource exhaustion issues in json and yaml parsers
Which issue(s) this PR fixes:
Fixes #83253
Special notes for your reviewer:
Does this PR introduce a user-facing change?: