luciano/nippy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
716 commits 2 branches 109 tags 2 MiB
Commit graph

251 commits

Author SHA1 Message Date
Peter Taoussanis
e3c1d478d1 v3.0.0-RC2 2020-09-12 12:16:55 +02:00
Peter Taoussanis
46624ae4ba Bump deps 2020-09-12 11:55:29 +02:00
Peter Taoussanis
f91292c969 v3.0.0-RC1 2020-09-11 12:37:54 +02:00
Peter Taoussanis
c4251fb39f [BREAKING][#130] Serializable: split *serializable-whitelist* into separate freeze/thaw lists 
Removed 2x vars:
  -     *serializable-whitelist*
  - swap-serializable-whitelist!

Added 4x vars:
  -     *freeze-serializable-allowlist*
  -       *thaw-serializable-allowlist*
  - swap-freeze-serializable-allowlist!
  -   swap-thaw-serializable-allowlist!

Deprecated 2x JVM properties:
  - taoensso.nippy.serializable-whitelist-base
  - taoensso.nippy.serializable-whitelist-add

Deprecated 2x ENV vars:
  - TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_BASE
  - TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_ADD

API is otherwise identical.

MOTIVATION

  An API break is unfortunate- but the break here is small, and the
  benefit significant.

  By separating the freeze/thaw lists, it becomes possible to safely
  allow *any* classes to be frozen - and so effectively make the
  allowlist a purely thaw-time concern in the common case.

  This has several advantages including:

    - No risk of Nippy calls unexpectedly throwing where they didn't
      before.

    - The ability to adjust or bypass the thaw allowlist *after*
      seeing which class objects have been quarantined.

  In general: this change eases migration to RCE-safe Nippy from
  RCE-vulnerable versions. This is especially useful in cases where
  Nippy is being used as an ~implementation detail for another
  library/application/service.
 2020-09-11 10:38:58 +02:00
Peter Taoussanis
421d45b3c3 Bump Encore dep (v3.0.0) 2020-09-10 22:53:43 +02:00
Peter Taoussanis
7464f1e044 [BREAKING] Bump minimum Clojure 1.5->1.7 2020-09-10 12:37:21 +02:00
Peter Taoussanis
ac14ed42b1 v2.15.3 2020-09-10 11:48:45 +02:00
Peter Taoussanis
ee9917d42a Update project.clj, bump deps 2020-09-10 11:05:02 +02:00
Peter Taoussanis
7fe200e60a v2.15.2 
Encore 1.123.0 introduced an issue affecting Timbre.
Issue was addressed with Encore 2.125.2.

Updating Encore here doesn't affect Nippy, but may be helpful
for users of Nippy that also use Timbre and that haven't otherwise
updated to a newer version of Encore yet.
 2020-08-31 09:14:49 +02:00
Peter Taoussanis
aaf54d9c9c v2.15.1 2020-08-27 10:34:48 +02:00
Peter Taoussanis
79612437ca [#131] *serializable-whitelist*: add JVM property, env var overrides 2020-08-27 10:34:47 +02:00
Peter Taoussanis
cf84a441f4 Revert v2.14.2 hotfix reset 2020-07-24 19:38:16 +02:00
Peter Taoussanis
ea93fee8e2 v2.14.2 hotfix 2020-07-24 19:37:11 +02:00
Peter Taoussanis
640c6dbbb0 v2.15.0 2020-07-24 19:24:46 +02:00
Peter Taoussanis
e554dbb1c5 Fix tests path 2020-07-24 17:09:58 +02:00
Peter Taoussanis
809bcdc649 Bump deps 2020-07-23 12:22:27 +02:00
Peter Taoussanis
ee31c1c64b v2.15.0-RC1 2019-02-16 10:37:51 +01:00
Peter Taoussanis
7ea7bc5247 Bump misc deps 2019-02-16 10:36:19 +01:00
Peter Taoussanis
f955ed9b7e [#116] Update lz4 lib: 1.3->1.5 (@johnmcconnell) 
The Maven group had changed, so didn't notice newer versions were
available. Changelog at https://github.com/lz4/lz4-java/blob/master/CHANGES.md#150.
 2019-01-19 10:50:37 +01:00
Peter Taoussanis
4dc1e121e9 v2.15.0-alpha9 2019-01-06 14:21:30 +01:00
Peter Taoussanis
d2252d8e21 Bump deps 2019-01-06 12:24:29 +01:00
Peter Taoussanis
5a705ca79e v2.15.0-alpha4 2018-10-07 09:39:28 +02:00
Peter Taoussanis
972c637ff4 v2.15.0-alpha3 2018-09-23 19:39:59 +02:00
Peter Taoussanis
bfc65f0970 v2.15.0-alpha2 2018-09-15 12:01:07 +02:00
Peter Taoussanis
7fa1d3686c v2.15.0-alpha1 2018-09-08 19:38:41 +02:00
Peter Taoussanis
6a63950455 Bump deps 2018-09-08 14:58:12 +02:00
Peter Taoussanis
b3a78fa30e v2.14.0 2017-12-21 11:05:06 +01:00
Peter Taoussanis
99748d9c0b Bump deps 2017-12-21 10:47:30 +01:00
Peter Taoussanis
e57057e6c4 v2.13.0 2017-02-13 17:59:18 +01:00
Peter Taoussanis
ffa4b494b3 Bump deps 2017-02-13 17:00:56 +01:00
Peter Taoussanis
a0ca70c9dc v2.13.0-RC1 2016-12-17 12:15:17 +01:00
Peter Taoussanis
a41c391889 Bump deps 2016-12-17 11:56:46 +01:00
Peter Taoussanis
a4d15232dc Bump deps 2016-10-17 15:33:21 +07:00
Peter Taoussanis
0894ecffce v2.12.2 2016-08-23 22:34:14 +07:00
Peter Taoussanis
e1ca795466 v2.12.1 2016-07-26 12:24:57 +07:00
Peter Taoussanis
8350149a1e Bump encore dep: 2.67.1 -> 2.68.0 2016-07-26 12:24:57 +07:00
Peter Taoussanis
9bac40e705 v2.12.0 2016-07-24 15:56:01 +07:00
Peter Taoussanis
a8faac734c Sync housekeeping 2016-07-24 15:48:09 +07:00
Peter Taoussanis
1df4847102 v2.12.0-RC2 2016-07-17 15:42:41 +07:00
Peter Taoussanis
f4521f78b3 Bump deps 2016-07-17 15:04:54 +07:00
Peter Taoussanis
2700ab0b6f v2.12.0-RC1 2016-06-23 20:10:57 +07:00
Peter Taoussanis
a8148d5d0c v2.12.0-beta3 2016-06-17 12:33:02 +07:00
Peter Taoussanis
1670535332 Bump deps 2016-06-16 11:21:11 +07:00
Peter Taoussanis
c6c1e1419e v2.12.0-beta2 2016-06-10 11:02:17 +07:00
Peter Taoussanis
eab4b76aee Bump deps 2016-06-09 19:36:18 +07:00
Peter Taoussanis
a5a04dc11a v2.12.0-SNAPSHOT 2016-05-09 14:05:02 +07:00
Peter Taoussanis
0df6a7b0f3 Misc hk 2016-05-09 14:05:02 +07:00
Peter Taoussanis
b623b4a8cc NB *BREAKING*: refactor type defs, variable-sized types, etc. 
Changes incl:
  - Hid a bunch of undocumented impl. details
  - A number of performance optimizations
 2016-04-14 12:16:27 +07:00
Peter Taoussanis
d327f0ff38 Types: add dedicated 2 and 3 tuple type 2016-04-13 11:13:01 +07:00
Peter Taoussanis
7adad2240c Perf: optimize coll freezing via new enc/reduce-n 
- Take advantage of clojure.lang.LongRange
  - Avoid unnecessary temp `[k v]` (map entry) constructions
 2016-04-13 11:13:01 +07:00
Peter Taoussanis
fbae850330 v2.11.1 2016-02-25 19:00:26 +07:00
Peter Taoussanis
51e0654cb3 v2.11.0 2016-02-25 18:48:45 +07:00
Peter Taoussanis
d1c0fb6ddd Bump deps 2016-02-25 18:47:17 +07:00
Peter Taoussanis
5e93d48032 Clojure 1.8.0 is out 2016-01-23 11:59:48 +07:00
Peter Taoussanis
91ad9656ce v2.11.0-RC1 2016-01-23 11:46:46 +07:00
Peter Taoussanis
28765ac501 Bump deps 2016-01-23 11:10:17 +07:00
Peter Taoussanis
a17c0748d1 v2.11.0-beta1 2015-12-13 11:25:38 +07:00
Peter Taoussanis
58bf4ed871 v2.11.0-alpha6 2015-12-01 18:35:34 +07:00
Peter Taoussanis
d129da990c v2.11.0-alpha1 2015-12-01 16:39:24 +07:00
Peter Taoussanis
5849320d3a Drop Expectations, migrate to clojure.test, update test.check stuff 2015-12-01 14:56:41 +07:00
Peter Taoussanis
f70cfc3772 Bump deps 2015-12-01 14:45:25 +07:00
Peter Taoussanis
7072f73952 Misc hk 2015-10-06 13:07:41 +07:00
Peter Taoussanis
8989df5c3d v2.11.0-SNAPSHOT 2015-09-30 12:20:52 +07:00
Peter Taoussanis
280019a4bc v2.10.0 2015-09-30 12:11:32 +07:00
Peter Taoussanis
f1af76635a Project.clj housekeeping, drop support for Clojure 1.4 
Clojure 1.4 support is becoming more and more hassle; not worth it
 2015-09-30 11:57:46 +07:00
Peter Taoussanis
b20321622b v2.10.0-RC1 2015-09-30 11:57:46 +07:00
Peter Taoussanis
ce39987b8c Bump deps 2015-09-30 11:57:46 +07:00
Peter Taoussanis
40b39db9eb v2.10.0-beta1 2015-09-17 11:15:00 +07:00
Peter Taoussanis
a3847a4818 Misc housekeeping 2015-09-17 11:11:06 +07:00
Peter Taoussanis
c0fcedf72e Use Encore v2+ for dev (benching) lein profile 2015-09-17 11:11:06 +07:00
Peter Taoussanis
d89649deeb Bump deps 2015-09-14 20:12:11 +07:00
Peter Taoussanis
11545690c8 NB switch to encore edn reader/writer 2015-09-14 17:08:23 +07:00
Peter Taoussanis
12d90a05f8 Bump dev Clojure version 2015-09-14 17:08:23 +07:00
Peter Taoussanis
e8edba1493 v2.9.1 2015-09-14 17:03:15 +07:00
Peter Taoussanis
b30f3bf56c v2.9.0 2015-06-01 10:45:28 +07:00
Peter Taoussanis
5406bfa970 v2.9.0-RC3 2015-05-29 14:25:33 +07:00
Peter Taoussanis
fc2b216e6e Bump encore dep (v1.32.0) 2015-05-29 14:21:59 +07:00
Peter Taoussanis
7753eefd2e Switch to encore v1.28.0, doseq->backport-run! (better perf) 2015-05-06 17:37:12 +07:00
Peter Taoussanis
e8fc801ab3 v2.9.0-RC1 2015-04-29 11:54:38 +07:00
Peter Taoussanis
ed3d9c55d9 Bump deps 2015-04-29 11:49:43 +07:00
Peter Taoussanis
d5fea13bfb Misc housekeeping 2015-04-29 11:47:39 +07:00
Peter Taoussanis
a8a6c933b3 Bump deps 2015-04-18 14:13:29 +07:00
Peter Taoussanis
38efea3ca9 v2.8.0 2015-02-18 17:33:58 +07:00
Peter Taoussanis
580cfde6fd Bump deps 2015-02-18 17:33:37 +07:00
Peter Taoussanis
55e8a4f012 v2.7.1 2014-11-27 17:31:14 +07:00
Peter Taoussanis
5cedeacf63 Bump deps 2014-11-27 15:32:04 +07:00
Peter Taoussanis
89c51ffc83 v2.7.0 2014-10-06 15:02:07 +07:00
Peter Taoussanis
12254baed2 Bump deps 2014-10-06 15:02:06 +07:00
Peter Taoussanis
4e1a7fe562 Project.clj hk 2014-09-02 22:01:16 +07:00
Peter Taoussanis
efe54c01ec Fix project version (should be -RC1, not -SNAPSHOT) 2014-09-02 12:21:52 +07:00
Peter Taoussanis
ae42a8f9de Bump deps 2014-08-27 19:20:23 +07:00
Peter Taoussanis
2a13ccfdf7 Revert "Temporarily revert expectations dep bump due to #40" 
This reverts commit e17a7f8248.

Expectations v2.0.8 fixes this issue, Ref.
https://github.com/jaycfields/expectations/issues/40#issuecomment-50468973
 2014-08-27 19:20:23 +07:00
Peter Taoussanis
d2ddeb846d v2.7.0-SNAPSHOT 2014-08-27 19:20:23 +07:00
Peter Taoussanis
05b424fe33 v2.7.0-alpha1 2014-07-06 13:34:12 +07:00
Peter Taoussanis
e17a7f8248 Temporarily revert expectations dep bump due to #40 
https://github.com/jaycfields/expectations/issues/40
 2014-07-06 13:25:08 +07:00
Peter Taoussanis
9a9330ed51 Update project.clj template 2014-07-06 13:25:08 +07:00
Peter Taoussanis
39c5b12875 Bump deps 2014-07-04 16:42:40 +07:00
Peter Taoussanis
a6aba2c92a Add experimental LZ4 compressors 2014-04-29 23:10:26 +07:00
Peter Taoussanis
7cd5f83dce Bump deps 2014-04-29 23:10:26 +07:00
Peter Taoussanis
dd40f67c92 v2.6.3 2014-04-29 23:08:00 +07:00