json 2.15.1-java → 2.15.2.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9c9f896105222f17d7561710f916b6dd6ceb760e3d9ac17a778159954a3cd4d
-  data.tar.gz: 551c43c7e7f71d3c849d4b6af1a3542665b21732e2f5114631163d789cde7c92
+  metadata.gz: 0f8cb2876d08c1388fc4d57e9ef0ef9fb4a05d80a0c12b1d955dc1a58d81f759
+  data.tar.gz: d9a7847da9e71d6e811e69cbd410cd612947f9861830d0fb0d35aaf4e9db083d
 SHA512:
-  metadata.gz: eb15c44e7a4372de8f9aed4ec69f4070bffdd9311e32606b91d81b3326ff343e5d64d5346f3a604be0f83ce623ba13d45ea63ace209ba9bc47f758dcc7d8e05f
-  data.tar.gz: a9c67ce3cdc6faf65fc8467d043bf9907d58933bdff9131b184ee29d735277a88d597846c04bcbe1ae3e2990aca62c8b19e6b90307c16bdd69b7b2b863166b29
+  metadata.gz: 8de7ac6ff6d6015cf62ffb8668bcc8bd95adfc8421f4917ba1cd417f630b8ce2f2d64ebeae3ad76ebe111fdcc23d6d844f96644f6a240f7b5e5a7973c23f4854
+  data.tar.gz: 732b12a5d1d2c4526fe7f1b3ddcb1ac1eeba0e2de4758a631524566c3940c5bba987abbf47c139ce22da82585d39b56a6fc72b95e61cbdff85d549210b776a63

data/CHANGES.md

@@ -2,6 +2,15 @@
 
 ### Unreleased
 
+### 2026-03-18 (2.15.2.1)
+
+* Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false).
+
+### 2025-10-25 (2.15.2)
+
+* Fix `JSON::Coder` to have one dedicated depth counter per invocation.
+  After encountering a circular reference in `JSON::Coder#dump`, any further `#dump` call would raise `JSON::NestingError`.
+
 ### 2025-10-07 (2.15.1)
 
 * Fix incorrect escaping in the JRuby extension when encoding shared strings.

data/lib/json/truffle_ruby/generator.rb

@@ -212,7 +212,7 @@ module JSON
           return if @max_nesting.zero?
           current_nesting = depth + 1
           current_nesting > @max_nesting and
-            raise NestingError, "nesting of #{current_nesting} is too deep"
+            raise NestingError, "nesting of #{current_nesting} is too deep. Did you try to serialize objects with circular references?"
         end
 
         # Returns true, if circular data structures are checked,
@@ -347,6 +347,10 @@ module JSON
           dup.generate(obj, anIO)
         end
 
+        private def initialize_copy(_orig)
+          @depth = 0
+        end
+
         # Handles @allow_nan, @buffer_initial_length, other ivars must be the default value (see above)
         private def generate_json(obj, buf)
           case obj

data/lib/json/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JSON
-  VERSION = '2.15.1'
+  VERSION = '2.15.2.1'
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-  version: 2.15.1
+  version: 2.15.2.1
 platform: java
 authors:
 - Daniel Luz
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-10-07 00:00:00.000000000 Z
+date: 2026-03-18 00:00:00.000000000 Z
 dependencies: []
 description: A JSON implementation as a JRuby extension.
 email: dev+ruby@mernen.com
@@ -56,7 +55,6 @@ metadata:
   documentation_uri: https://docs.ruby-lang.org/en/master/JSON.html
   homepage_uri: https://github.com/ruby/json
   source_code_uri: https://github.com/ruby/json
-post_install_message:
 rdoc_options:
 - "--title"
 - JSON implementation for Ruby
@@ -75,8 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: JSON Implementation for Ruby
 test_files: []