Skip to content

Releases: ruby/json

v2.20.0

23 Jun 14:24
@byroot byroot
v2.20.0
1316292

Choose a tag to compare

View all tags
v2.20.0 Latest
Latest

What's Changed

  • Both C and Java parsers are no longer recursive, so parsing very deep documents with max_nesting: false will no longer
    result in SystemStackError stack level too deep errors.
    • The :max_nesting option still defaults to 100.
  • Optimized floating point number parsing further by replacing the ryu algorithm by a port of Eisel-Lemire Fast Float.
  • Added JSON::ResumableParser to parse streams of JSON documents. Not yet available on JRuby.
  • Deprecate default support of JavaScript comments in the parser and add allow_comments: true parsing option.
  • Integrate with Ruby 4.1 ruby_sized_xfree.

Full Changelog: v2.19.8...v2.20.0

Assets 2
Loading

v2.19.9

11 Jun 18:49
@byroot byroot
v2.19.9
2cff267

Choose a tag to compare

View all tags
v2.19.9
  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO
    with JSON.generate(object, io). [CVE-2026-54696].

Full Changelog: v2.19.8...v2.19.9

Loading

v2.19.8

11 Jun 18:48
@byroot byroot
v2.19.8
5233dd9

Choose a tag to compare

View all tags
v2.19.8

What's Changed

  • Fix 1-byte buffer overread on EOS errors.
  • Handle invalid types passed as max_nesting option.

Full Changelog: v2.19.7...v2.19.8

Loading

v2.19.7

28 May 10:05
@byroot byroot
v2.19.7
ab6c8f2

Choose a tag to compare

View all tags
v2.19.7

What's Changed

  • Fix some more edge cases with out of range floats.
  • Ensure the string provided to JSON.parse can't be mutated during parsing.
  • Add missing write barriers in State#dup.
  • Further validate generator depth config.

Full Changelog: v2.19.6...v2.19.7

Loading

v2.19.6

28 May 07:03
@byroot byroot
v2.19.6
1e276eb

Choose a tag to compare

View all tags
v2.19.6

What's Changed

  • Cleanly handle overly large depth generator argument.
  • Add missing write barrier in ParserConfig.

Full Changelog: v2.19.5...v2.19.6

Loading

v2.19.5

04 May 04:58
@byroot byroot
v2.19.5
4a1a4a4

Choose a tag to compare

View all tags
v2.19.5

What's Changed

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Full Changelog: v2.19.4...v2.19.5

Loading

v2.19.4

18 Apr 21:09
@byroot byroot
v2.19.4
6688a81

Choose a tag to compare

View all tags
v2.19.4

What's Changed

  • Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: v2.19.2...v2.19.4

Loading

v2.19.3

25 Mar 11:04
@byroot byroot
v2.19.3
779d441

Choose a tag to compare

View all tags
v2.19.3
  • Fix handling of unescaped control characters preceeded by a backslash.

Full Changelog: v2.19.2...v2.19.3

Loading

v2.19.2

18 Mar 17:28
@byroot byroot
v2.19.2
54f8a87

Choose a tag to compare

View all tags
v2.19.2

What's Changed

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210

Full Changelog: v2.19.1...v2.19.2

Loading

v2.17.1.2

18 Mar 17:46
@byroot byroot
v2.17.1.2
e4a77e1

Choose a tag to compare

View all tags
v2.17.1.2
  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210

Full Changelog: v2.17.1...v2.17.1.2

Loading