You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cassandra.apache.org by Jasonstack Zhao Yang <zh...@gmail.com> on 2018/12/14 10:39:35 UTC
CASSANDRA-14925 DecimalSerializer.toString() can OOM
Hi,
Would like to get some feedback for CASSANDRA-14925.
In order to avoid potential OOM attack, we propose to change
DecimalSerializer.toString() from `BigDecimal.toPlainString()` to
`BigDecimal.toString()` on Trunk.
This change should not cause any compatibility issues..
Thanks
Zhao Yang
Re: CASSANDRA-14925 DecimalSerializer.toString() can OOM
Posted by "dinesh.joshi@yahoo.com.INVALID" <di...@yahoo.com.INVALID>.
I think it makes sticking to trunk as this change will affect log messages and may break tooling that depends on certain patterns.
Dinesh
On Friday, December 14, 2018, 4:09:51 PM GMT+5:30, Jasonstack Zhao Yang <zh...@gmail.com> wrote:
Hi,
Would like to get some feedback for CASSANDRA-14925.
In order to avoid potential OOM attack, we propose to change
DecimalSerializer.toString() from `BigDecimal.toPlainString()` to
`BigDecimal.toString()` on Trunk.
This change should not cause any compatibility issues..
Thanks
Zhao Yang