You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@dubbo.apache.org by "CodePlayer (via GitHub)" <gi...@apache.org> on 2023/05/08 07:32:33 UTC

[GitHub] [dubbo] CodePlayer opened a new pull request, #12258: fix generic type deserialize bug ( #12257 )

CodePlayer opened a new pull request, #12258:
URL: https://github.com/apache/dubbo/pull/12258

   fix fastjson2 generic type deserialize failed ( issue #12257 )


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] CodePlayer commented on pull request #12258: fix generic type deserialize bug ( #12257 )

Posted by "CodePlayer (via GitHub)" <gi...@apache.org>.

CodePlayer commented on PR #12258:
URL: https://github.com/apache/dubbo/pull/12258#issuecomment-1541440533

   > 
   
   Please note that, `JSONReader.Feature.IgnoreAutoTypeNotMatch` means that the types **can be** mismatched.
   
   **It existed before**.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] AlbumenJ commented on pull request #12258: fix generic type deserialize bug ( #12257 )

Posted by "AlbumenJ (via GitHub)" <gi...@apache.org>.

AlbumenJ commented on PR #12258:
URL: https://github.com/apache/dubbo/pull/12258#issuecomment-1541432724

   > > Dubbo already use `ContextAutoTypeBeforeHandler` to indicate which classes can be deserialized. SupportAutoType should not be enabled.
   > 
   > @AlbumenJ But, it **still has bugs**. Same code, using Hessian2 it works, switch to fastjson2 it goes wrong。
   > 
   > I think, Dubbo should remove `JSONReader.Feature.IgnoreAutoTypeNotMatch`, instead of `JSONReader.Feature.SupportAutoType`.
   > 
   > Because Dubbo is based on **interfaces** and is **strongly typed**, fastjson2 will judge whether the types match, and throw an exception if they do not match.
   
   For security purpose, we should check type if match. Otherwise, there may some arbitrary serialization issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] CodePlayer commented on pull request #12258: fix generic type deserialize bug ( #12257 )

Posted by "CodePlayer (via GitHub)" <gi...@apache.org>.

CodePlayer commented on PR #12258:
URL: https://github.com/apache/dubbo/pull/12258#issuecomment-1541435996

   I just tested it.
   After I upgraded to fastjson **2.0.32-SNAPSHOT**,  it works fine.
   
   The key reason is that fastjson has a bug.  After my feedback, it has been fixed in the new version.
   But, the new version has not yet been officially released.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] CodePlayer closed pull request #12258: fix generic type deserialize bug ( #12257 )

Posted by "CodePlayer (via GitHub)" <gi...@apache.org>.

CodePlayer closed pull request #12258: fix generic type deserialize bug ( #12257 )
URL: https://github.com/apache/dubbo/pull/12258


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] CodePlayer commented on pull request #12258: fix generic type deserialize bug ( #12257 )

Posted by "CodePlayer (via GitHub)" <gi...@apache.org>.

CodePlayer commented on PR #12258:
URL: https://github.com/apache/dubbo/pull/12258#issuecomment-1541397852

   > Dubbo already use `ContextAutoTypeBeforeHandler` to indicate which classes can be deserialized. SupportAutoType should not be enabled.
   
   
   @AlbumenJ 
   But, it **still has bugs**. Same code, using Hessian2 it works, switch to fastjson2 it goes wrong。
   
   I think, Dubbo should remove `JSONReader.Feature.IgnoreAutoTypeNotMatch`, instead of `JSONReader.Feature.SupportAutoType`.
   
   Because Dubbo is based on **interfaces** and is **strongly typed**, fastjson2 will judge whether the types match, and throw an exception if they do not match.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org