Skip to content

Change default of DeserializationFeature.FAIL_ON_TRAILING_TOKENS to true for 3.0 #3406

@yawkat

Description

@yawkat

imo it is better to fail by default here. If you're parsing line-delimited json, you'll notice immediately if you forget to turn off FAIL_ON_TRAILING_TOKENS. However in the other direction, if it was off by default and you forget to turn it on, you probably would never notice (few people test for failures), which could also open up the door to parsing differential vulnerabilities in an application.

See discussion on #3400

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.0Issue planned for initial 3.0 release3.0-release-notesIssues relevant for 3.0 release notes.

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions