tag:github.com,2008:https://github.com/go-yaml/yaml/releasesTags from yaml2022-05-27T08:35:30Ztag:github.com,2008:Repository/17451182/v3.0.12022-05-27T08:35:30Zv3.0.1: The Billion Dollar Mistake<p>The Billion Dollar Mistake</p>
<p>To be fair, it only happens here because this is a C-style API that was
<br />converted to Go but keeping its general shape. The proper fix, to be
<br />done eventually, is to replace all these boolean error flags by proper
<br />error types.</p>
<p><span class="issue-keyword tooltipped tooltipped-se">Fixes</span> <a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/issues/665">#665</a></p>niemeyertag:github.com,2008:Repository/17451182/v3.0.02022-05-21T10:33:21Zv3.0.0niemeyertag:github.com,2008:Repository/17451182/v2.4.02020-11-17T15:46:20Zv2.4.0: Revert v2 line length change as discussed in #670<p>Revert v2 line length change as discussed in <a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/670">#670</a></p>
<p>It was clearly a mistake to accept the default formatting change in v2,
<br />and now there's no ideal choice. Either we revert the change and break
<br />some projects twice, or we keep the change and break some projects once.
<br />Given the report comes from Kubernetes, which has a relevant community
<br />and code size, we'll revert it. At the same time, to simplify the life
<br />of those that already started migrating towards the v3 behavior, a new
<br />FutureLineWrap function is being introduced to trivially preserve the
<br />new behavior where desired.</p>
<p>The v3 branch is not affected by this, and will retain the default
<br />non-wrapping behavior. It will also be changed soon to support per
<br />arbitrary line-wrapping for individual encoding operations.</p>
<p>Thanks to everyone who offered code and ideas, and apologies for
<br />the trouble.</p>niemeyertag:github.com,2008:Repository/17451182/v2.3.02020-05-06T23:08:38Zv2.3.0laveryatag:github.com,2008:Repository/17451182/v2.2.82020-01-21T17:19:40Zv2.2.8: Optimize cases with long potential simple_keys (#555)<p>Optimize cases with long potential simple_keys (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/555">#555</a>)</p>
<p>This change introduces an index to lookup token numbers referenced by simple_keys in O(1),
<br />thus significantly reducing the performance impact of certain abusively constructed snippets.</p>
<p>When we build up the simple_keys stack, we count on the (formerly named) staleness check to
<br />catch errors where a simple key is required but would be > 1024 chars or span lines. The previous
<br />simplification that searches the stack from the top can go 1024 keys deep before finding a "stale"
<br />key and stopping. I added a test that shows that this consumes ~3s per 1MB of document size.</p>cjcullentag:github.com,2008:Repository/17451182/v2.2.72019-11-19T21:27:36Zv2.2.7niemeyertag:github.com,2008:Repository/17451182/v2.2.62019-11-19T11:51:43Zv2.2.6chenrui333tag:github.com,2008:Repository/17451182/v2.2.52019-11-04T18:03:43Zv2.2.5: Fix check for non-map alias merging in v2 (#529)<p>Fix check for non-map alias merging in v2 (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/issues/529">#529</a>)</p>
<p>The problem does not affect v3.</p>niemeyertag:github.com,2008:Repository/17451182/v2.2.42019-10-02T18:33:36Zv2.2.4: Improve heuristics preventing CPU/memory abuse (#515)<p>Improve heuristics preventing CPU/memory abuse (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/515">#515</a>)</p>
<p>This addresses the following items:</p>
<p>==== Parse time of excessively deep nested or indented documents</p>
<p>Parsing these documents is non-linear; limiting stack depth to 10,000 keeps parse times of pathological documents sub-second (~.25 seconds in benchmarks)</p>
<p>==== Alias node expansion limits</p>
<p>The current limit allows 10,000% expansion, which is too permissive for large documents.</p>
<p>Limiting to 10% expansion for larger documents allows callers to use input size as an effective way to limit resource usage. Continuing to allow larger expansion rates (up to the current 10,000% limit) for smaller documents does not unduly affect memory use.</p>
<p>This change bounds decode operations from alias expansion to ~400,000 operations for small documents (worst-case ~100-150MB) or 10% of the input document for large documents, whichever is greater.</p>liggitttag:github.com,2008:Repository/17451182/v2.2.32019-09-30T19:09:21Zv2.2.3: Add logic to catch cases of alias abuse.<p>Add logic to catch cases of alias abuse.</p>
<p>Backport of <a class="commit-link" href="https://github.com/go-yaml/yaml/commit/caeefd850a4388b005740feb8a31067e8654497f"><tt>caeefd8</tt></a>.</p>niemeyer