You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cassandra.apache.org by Jasonstack Zhao Yang <zh...@gmail.com> on 2018/12/14 10:39:35 UTC

CASSANDRA-14925 DecimalSerializer.toString() can OOM

Hi,

Would like to get some feedback for CASSANDRA-14925.

In order to avoid potential OOM attack, we propose to change
DecimalSerializer.toString() from `BigDecimal.toPlainString()` to
`BigDecimal.toString()` on Trunk.

This change should not cause any compatibility issues..

Thanks
Zhao Yang

Re: CASSANDRA-14925 DecimalSerializer.toString() can OOM

Posted by "dinesh.joshi@yahoo.com.INVALID" <di...@yahoo.com.INVALID>.

I think it makes sticking to trunk as this change will affect log messages and may break tooling that depends on certain patterns.
Dinesh 

    On Friday, December 14, 2018, 4:09:51 PM GMT+5:30, Jasonstack Zhao Yang <zh...@gmail.com> wrote:  
 
 Hi,

Would like to get some feedback for CASSANDRA-14925.

In order to avoid potential OOM attack, we propose to change
DecimalSerializer.toString() from `BigDecimal.toPlainString()` to
`BigDecimal.toString()` on Trunk.

This change should not cause any compatibility issues..

Thanks
Zhao Yang