Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport PR #16832 to 8.17: Apply Jackson stream read constraints defaults at runtime #16846

Merged
merged 1 commit into from
Jan 2, 2025
Merged

Backport PR #16832 to 8.17: Apply Jackson stream read constraints defaults at runtime #16846

merged 1 commit into from
Jan 2, 2025

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jan 2, 2025

Backport PR #16832 to 8.17 branch, original message:

Release notes

Ensure that the Jackson read constraints defaults (Maximum Number value length, Maximum String value length, and Maximum Nesting depth) are applied at runtime if they are absent from jvm.options.

What does this PR do?

When Logstash 8.12.0 added increased Jackson stream read constraints to jvm.options, assumptions about the existence of that file's contents were invalidated. This led to issues like #16683.

This change ensures Logstash applies defaults from config at runtime:

  • MAX_STRING_LENGTH: 200_000_000
  • MAX_NUMBER_LENGTH: 10_000
  • MAX_NESTING_DEPTH: 1_000

These match the jvm.options defaults and are applied even when config is missing. Config values still override these defaults when present.

Why is it important/What is the impact to the user?

Users who have custom jvm.options files or have files that are not being updated with defaults in latest Logstash releases will still get the defaults we intend configure for the Jackson parsing lib.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files (and/or docker env variables)
  • I have added tests that prove my fix is effective or that my feature works

Related issues

Closes #16773

@donoghuc @logstashmachine
Apply Jackson stream read constraints defaults at runtime (#16832)
a80de6d 
When Logstash 8.12.0 added increased Jackson stream read constraints to
jvm.options, assumptions about the existence of that file's contents
were invalidated. This led to issues like #16683.

This change ensures Logstash applies defaults from config at runtime:
- MAX_STRING_LENGTH: 200_000_000
- MAX_NUMBER_LENGTH: 10_000
- MAX_NESTING_DEPTH: 1_000

These match the jvm.options defaults and are applied even when config
is missing. Config values still override these defaults when present.

(cherry picked from commit cc608eb)
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

donoghuc
donoghuc approved these changes Jan 2, 2025
View reviewed changes
Copy link
Member

@donoghuc donoghuc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean backport.

@donoghuc donoghuc merged commit 515175f into 8.17 Jan 2, 2025
5 checks passed
@donoghuc donoghuc deleted the backport_16832_8.17 branch January 2, 2025 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@donoghuc donoghuc donoghuc approved these changes

Assignees
No one assigned
Labels
backport v8.17.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@elasticmachine @donoghuc