You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
InputBuffer throws a StreamException when trying to skip beyond the
end of the stream. This mitigates a CPU DoS vulnerability.
Deserialization from JSON payloads will no longer process very deeply
nested structures. Instead, a bond::CoreException will be thrown in
order to protect against stack overflows. The depth limit may be changed
by calling the function bond::SetDeserializeMaxDepth(uint32_t).
Breaking change: Protocols must now implement CanReadArray method and
Buffers must implement CanRead method. These are used to perform checks that
mitigate memory allocation vulnerabilities.
Breaking change: Custom containers must implement reset_list and list_insert.
Standard implementations are provided. This API is used to incrementally fill
containers of complex types when preallocation may be unsafe. Expected container
size is provided in reset_list, where client code can perform sanity checks before
any memory is allocated by Bond.
bond::CoreException is thrown when the payload has a greater declared size
than the backing buffer.
Known issue: Debug builds with MSVC 14.0 (Visual Studio 2015) may fail at
runtime if custom allocators for containers are used. Newer MSVC versions and
other compilers are not affected, neither are Release builds with MSVC 14.0. This
can be worked around by using newer MSVC version or building in Release configuration.
