Department mainstream java json framework FASTJSON, GSON, jackson .
Had always insisted would like to use domestically fastjson, and frequently broke vulnerability ...
An upgraded version of the production environment is also frequent, but also that next time will not be a problem ..
The most frightening thing is, after you upgrade to the latest 1.26,
Project wrong. github issue which found that many people experiencing the same problem with me, a week or so. No one update.
Then a friend recommended below gives the rollback version.
But unfortunately, there is no upgrade to address vulnerabilities, upgrade has bug.
After back to back, everything is normal ...
Of course, fastjson author was also a very fast hardware heavyweights. Selfless made so many contributions, but Ali is not a professional open source sector. With the ability of individuals, it is indeed difficult to maintain long-term, timely response.
The latter may be used: GSON, jackson