ShellRechargeSolutionsEU / ocpp

Open Charge Point Protocol
GNU General Public License v3.0

Migration to safe and more efficient JSON library #35

Closed plokhotnyuk closed 4 years ago

plokhotnyuk commented 4 years ago

Json4s is vulnerable to DoS/DoW attacks which exploit the O(n^2) complexity of insertion into Scala's hash maps in the case of colliding hash codes, or of parsing JSON numbers.

Would you consider migration to a much safer and more efficient library like jsoniter-scala?

gertjana commented 4 years ago

Thanks for reporting this. Of course, we would consider moving to a safer and more efficient library, but we would probably pick one that is better supported in the open-source community.

reinierl commented 4 years ago

As JSON4S indeed seems not very intensely maintained, we'd probably pick something else if we had to write this library today. For now it works, though, and these issues don't seem serious enough to warrant an overhaul to a different JSON library. So I'm closing this ticket for now.

Note also that OCPP is typically used between systems that trust each other. This kind of issue seems more urgent for people who host public web APIs to me.