SDK版本
最新版
Java版本
25
发生了什么?
Gson的版本还是2.10.1. 一些新发现的缺陷可能会影响gwms。甚至可能被坏人利用。比如一个最近修复的缺陷是:
google/gson#2731
出问题的api是com.google.gson.TypeAdapter.nullSafe()
他被CustomTypeAdapterFactory.create调用。
另一个是:
google/gson#2068
出问题的是com.google.gson.Gson.fromJson(String,Class)
During deserialization of 'repeated' fields it peeks at the type of the internal Java field. The problem is that this field does not have the type List is all cases but for some types has specialized Protobuf subinterfaces. For example for List the internal field has the type com.google.protobuf.Internal.LongList.
被下面的代码调用:
<--LocationListResponse.fromJson
<--Weight.fromJson
<--StockQueryResponse.fromJson
<--StockInfo.fromJson
<--OutboundOrderDetail.fromJson
<--WarehouseUpdateRequest.fromJson
<--OutboundOrder.fromJson
<--InboundOrderBox.fromJson
<--OutboundOrderListResponse.fromJson
<--LocationResponse.fromJson
<--StockDetailInfo.fromJson
<--OrderQueryVo.fromJson
<--Packaging.fromJson
<--InboundOrderDetailResponseAllOfData.fromJson
<--ProductCreateRequest.fromJson
<--InboundOrderDetailCreateRequest.fromJson
<--InboundOrderCreateRequest.fromJson
<--ZoneCreateRequest.fromJson
<--ChargeTransaction.fromJson
<--WarehouseListResponse.fromJson
<--ProductListResponse.fromJson
<--ProductSpuListResponse.fromJson
<--Address.fromJson
<--ErrorDetail.fromJson
<--ChargeTransactionListResponse.fromJson
<--ProductBatchResponseAllOfData.fromJson
<--ProductPartialUpdateRequest.fromJson
<--InboundWeight.fromJson
<--ZoneUpdateRequest.fromJson
<--PublicBaseEntity.fromJson
<--ApiResponseBase.fromJson
<--LocationUpdateRequest.fromJson
<--WarehouseCreateRequest.fromJson
<--InboundDimensions.fromJson
<--Pricing.fromJson
<--ExpressChannel.fromJson
<--Charge.fromJson
<--InboundOrderResponse.fromJson
<--ProductBatchRequest.fromJson
<--ContactInfo.fromJson
<--ZoneResponse.fromJson
<--Zone.fromJson
<--ChargeTransactionResponse.fromJson
<--ExtensibleRequest.fromJson
<--InboundOrderListResponse.fromJson
<--InboundOrderUpdateRequest.fromJson
<--InboundOrderDetailResponse.fromJson
<--LocationCreateRequest.fromJson
<--Product.fromJson
<--Error.fromJson
<--ProductSpuCreateRequest.fromJson
<--StockPageListResponse.fromJson
<--ProductResponse.fromJson
<--ApiErrorResponse.fromJson
<--Pagination.fromJson
<--ProductSpuResponse.fromJson
<--TokenRequest.fromJson
<--WarehouseResponse.fromJson
<--InboundOrderBoxCreateRequest.fromJson
<--Warehouse.fromJson
<--Dimensions.fromJson
<--ZoneListResponse.fromJson
<--InboundOrderStatusUpdateRequest.fromJson
<--ProductBatchResponse.fromJson
<--InboundOrder.fromJson
<--InboundOrderDetail.fromJson
<--ApiListResponseBase.fromJson
<--TokenResponse.fromJson
<--Attributes.fromJson
<--Location.fromJson
<--ProductSpuUpdateRequest.fromJson
<--ProductSpu.fromJson
<--ProductUpdateRequest.fromJson
<--StockQueryRequest.fromJson
建议升级到更新的版本。
预期行为
建议升级到更新的版本。
重现步骤
详见gson的缺陷报告
代码示例
错误日志
操作系统
No response
其他信息
No response
确认项
SDK版本
最新版
Java版本
25
发生了什么?
Gson的版本还是2.10.1. 一些新发现的缺陷可能会影响gwms。甚至可能被坏人利用。比如一个最近修复的缺陷是:
google/gson#2731
出问题的api是com.google.gson.TypeAdapter.nullSafe()
他被CustomTypeAdapterFactory.create调用。
另一个是:
google/gson#2068
出问题的是com.google.gson.Gson.fromJson(String,Class)
During deserialization of 'repeated' fields it peeks at the type of the internal Java field. The problem is that this field does not have the type List is all cases but for some types has specialized Protobuf subinterfaces. For example for List the internal field has the type com.google.protobuf.Internal.LongList.
被下面的代码调用:
<--LocationListResponse.fromJson
<--Weight.fromJson
<--StockQueryResponse.fromJson
<--StockInfo.fromJson
<--OutboundOrderDetail.fromJson
<--WarehouseUpdateRequest.fromJson
<--OutboundOrder.fromJson
<--InboundOrderBox.fromJson
<--OutboundOrderListResponse.fromJson
<--LocationResponse.fromJson
<--StockDetailInfo.fromJson
<--OrderQueryVo.fromJson
<--Packaging.fromJson
<--InboundOrderDetailResponseAllOfData.fromJson
<--ProductCreateRequest.fromJson
<--InboundOrderDetailCreateRequest.fromJson
<--InboundOrderCreateRequest.fromJson
<--ZoneCreateRequest.fromJson
<--ChargeTransaction.fromJson
<--WarehouseListResponse.fromJson
<--ProductListResponse.fromJson
<--ProductSpuListResponse.fromJson
<--Address.fromJson
<--ErrorDetail.fromJson
<--ChargeTransactionListResponse.fromJson
<--ProductBatchResponseAllOfData.fromJson
<--ProductPartialUpdateRequest.fromJson
<--InboundWeight.fromJson
<--ZoneUpdateRequest.fromJson
<--PublicBaseEntity.fromJson
<--ApiResponseBase.fromJson
<--LocationUpdateRequest.fromJson
<--WarehouseCreateRequest.fromJson
<--InboundDimensions.fromJson
<--Pricing.fromJson
<--ExpressChannel.fromJson
<--Charge.fromJson
<--InboundOrderResponse.fromJson
<--ProductBatchRequest.fromJson
<--ContactInfo.fromJson
<--ZoneResponse.fromJson
<--Zone.fromJson
<--ChargeTransactionResponse.fromJson
<--ExtensibleRequest.fromJson
<--InboundOrderListResponse.fromJson
<--InboundOrderUpdateRequest.fromJson
<--InboundOrderDetailResponse.fromJson
<--LocationCreateRequest.fromJson
<--Product.fromJson
<--Error.fromJson
<--ProductSpuCreateRequest.fromJson
<--StockPageListResponse.fromJson
<--ProductResponse.fromJson
<--ApiErrorResponse.fromJson
<--Pagination.fromJson
<--ProductSpuResponse.fromJson
<--TokenRequest.fromJson
<--WarehouseResponse.fromJson
<--InboundOrderBoxCreateRequest.fromJson
<--Warehouse.fromJson
<--Dimensions.fromJson
<--ZoneListResponse.fromJson
<--InboundOrderStatusUpdateRequest.fromJson
<--ProductBatchResponse.fromJson
<--InboundOrder.fromJson
<--InboundOrderDetail.fromJson
<--ApiListResponseBase.fromJson
<--TokenResponse.fromJson
<--Attributes.fromJson
<--Location.fromJson
<--ProductSpuUpdateRequest.fromJson
<--ProductSpu.fromJson
<--ProductUpdateRequest.fromJson
<--StockQueryRequest.fromJson
建议升级到更新的版本。
预期行为
建议升级到更新的版本。
重现步骤
详见gson的缺陷报告
代码示例
详见gson的缺陷报告错误日志
操作系统
No response
其他信息
No response
确认项