v3.0.0-RC1 / 2020 Sep 11
Pre-release
Pre-release
·
141 commits
to master
since this release
[com.taoensso/nippy "3.0.0-RC1"]Major BREAKING feature + security release.
See here for recommended steps when updating any Clojure/Script dependencies.
This release is focused on smoothing out rough edges left by
CVE-2020-24164[#130], and to ease transition from version of Nippy <v2.15.0final.
Apologies for the recent breaking changes!
Note that there's separate documentation below if upgrading from v2.15 or v2.14:
Since v2.15.0 (incl. BREAKING changes)
See [#130] for detailed upgrade instructions.
Changes
- [BREAKING] Bumped minimum Clojure version from
v1.5tov1.7. - [BREAKING]
*serializable-whitelist*has been split into two separate vars:*freeze-serializable-allowlist*,*thaw-serializable-allowlist*. See [#130] for details. - [BREAKING]
:nippy/unthawableresponses now have a standardized form:{:nippy/unthawable {:type _ :cause _ ...}. Most folks won't care about this change unless you have code specifically to deal with:nippy/unthawableresponses. - By default,
freezenow allows the use of Java's Serializable for any class.thawcontinues to be restrictive by default, and will quarantine any objects not on the class allowlist. See [#130] for details.
New
- [#122] Option to disable freezing and/or thawing of metadata.
freezeandthawnow support opts::serializable-allowlist,:incl-metadata?.- New
read-quarantined-serializable-object-unsafe!util to read quarantined Serializable objects. See [#130] for details.
Since v2.14.0 (incl. BREAKING changes)
See [#130] for detailed upgrade instructions.
Changes
- [BREAKING] [#130]
thawwill now quarantine Serializable objects whose class is not allowed by*thaw-serializable-allowlist*. See [#130] for details. - [BREAKING] Bumped minimum Clojure version from
v1.5tov1.7. - [BREAKING]
:nippy/unthawableresponses now have a standardized form:{:nippy/unthawable {:type _ :cause _ ...}. Most folks won't care about this change unless you have code specifically to deal with:nippy/unthawableresponses. - [#101] Switch default encryptor from
AES-CBCtoAES-GCM(faster, includes integrity check)
New
- [#127] Add utils:
freeze-to-string,thaw-from-string(@piotr-yuxuan) - [#113 #114] Add support for object arrays (@isaksky)
- [#83 #112] Add support for deftype (@isaksky)
- [#83 #113] Add support for URIs (@isaksky)
- [#126]
extend-freeze: include id collision odds in docstring
Fixes
- [#120] Update
freezable?to covernil