16 Jul 16:21

v1.0.2 Latest

Latest

Notable changes

This is a patch release that includes a significant memory optimization which reduces the retained memory of a JsonMasker instance. For JsonMasker instances with a large number of target keys / JSONPaths to mask (>500), the retained memory is reduced up to an order of magnitude.

Improvements

Handle masking of unicode keys by @gavlyukovskiy in #141
Memory reduced trie by @gavlyukovskiy & @Breus, reported by @mvegter in #156

Additional tests & benchmarks

Add tests from JSONTestSuite by @gavlyukovskiy in #140
Cherry-pick memory test and benchmarks by @gavlyukovskiy & @Breus in #154

Chores

Sona token authentication by @Breus in #147
Update Gradle to version 8.8 by @Breus in #150
Bump com.uber.nullaway:nullaway from 0.10.25 to 0.11.0 by @dependabot in #143
Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 by @dependabot in #142
Bump com.google.errorprone:error_prone_core from 2.27.0 to 2.28.0 by @dependabot in #144
Bump com.fasterxml.jackson.core:jackson-databind from 2.17.0 to 2.17.1 by @dependabot in #145
Bump junit from 5.10.2 to 5.10.3 by @dependabot in #148
Bump net.ltgt.errorprone from 3.1.0 to 4.0.1 by @dependabot in #149

Full Changelog: v1.0.1...v1.0.2

Contributors

Breus, gavlyukovskiy, and 2 other contributors

Assets 2

02 May 08:44

Breus

v1.0.1

What's Changed

This is a patch release for version 1.0.0 and includes a couple small bug fixes for edge cases and several backward compatible API improvements.

Bug fixes

Fix matching JSON keys longer than 256 bytes by @gavlyukovskiy in #130
Fix escaping of control characters, add nullability annotations to the functions by @gavlyukovskiy in #127
Make sure that all masks are JSON encoded by @gavlyukovskiy in #133

Backward compatible API improvements

Extend configuration with single key or a map by @gavlyukovskiy in #132
Fix ambiguity check error message by @donavdey in #136

Chores

Added using the json-masker package section to REAMDE by @Breus in #120
Make sure pipelines run from forks by @gavlyukovskiy in #122
Added javadoc badge by @gavlyukovskiy in #124
Added javadoc on package-info by @gavlyukovskiy in #125
Migrate to JSpecify and NullAway by @gavlyukovskiy in #123
Add module-info.java by @gavlyukovskiy in #126
Fix benchmark exception when we have less than 20 unambiguous json paths by @gavlyukovskiy in #128
Add gc profiler to the results by @gavlyukovskiy in #118
Fix sha for pull request by @gavlyukovskiy in #129
1.0.0 release candidates versions no longer have our security support by @Breus in #131
Filter out other GC metrics by @gavlyukovskiy in #135
Bump com.google.errorprone:error_prone_core from 2.26.1 to 2.27.0 by @dependabot in #137
Bump io.github.gradle-nexus.publish-plugin from 1.3.0 to 2.0.0 by @dependabot in #138

Full Changelog: v1.0.0...v1.0.1

Contributors

Breus, donavdey, and 2 other contributors

Assets 2

09 Apr 07:30

Breus

v1.0.0

What's Changed

This is the first major release of the json-masker library after 3 release candidates for 1.0.0, and multiple pre-releases. 🎉
This release introduces several additional convenience APIs and a performance enhancement in JsonPATH look-up. Nonetheless, no backward incompatible changes were introduced with this release compared to the latest release candidate.

Additional features

Add actual withTextFunction that decodes / encodes JSON values by @gavlyukovskiy in #104
Allow overriding masking config for more specific keys for jsonpath by @donavdey in #119
Add eachDigitWith(String value) to allow repeating each digit of a number with an asterisk out-of-the-box by @Breus in #108

Performance enhancements

Optimize json path lookup by avoiding traversing the trie from the ro… by @donavdey in #116

Chores

Code clean-up, add small test case by @Breus in #109
Readme bold text by @Breus in #110
Fix small things in readme by @gavlyukovskiy in #111
Update README.md by @gavlyukovskiy in #112
Bump com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.17.0 by @dependabot in #114
Bump org.sonarqube from 4.4.1.3373 to 5.0.0.4638 by @dependabot in #113
Cleanup some leftovers by @gavlyukovskiy in #115

Full Changelog: v1.0.0-rc3...v1.0.0

Contributors

Breus, donavdey, and 2 other contributors

Assets 2

28 Mar 07:40

v1.0.0-rc3 Pre-release

Pre-release

What's Changed

This release introduces the ValueMasker interface, allowing users to configure virtually any custom value masking strategy for specific target keys or JSON types.

var jsonMasker = JsonMasker.getMasker(
        JsonMaskingConfig.builder()
                .maskKeys(Set.of("maskMe"))
                .maskStringsWith(ValueMaskers.withRawValueFunction(value -> value.startsWith("\"secret:") ? "\"***\"" : value))
                .build()
);

String maskedJson = jsonMasker.mask(json);

see more usage examples in README

We expect this to be the last Release Candidate before the 1.0.0 release.

Bug fixes

Fix cases when JsonMasker can get in infinite loop when processing invalid json by @gavlyukovskiy in #97

Functional changes

Introduce ValueMasker and refactor all value masking through a unified interface by @gavlyukovskiy in #96
Change runtime exception to InvalidJsonException by @Breus in #99
Refactor withTextFunction to indicate that the value received is a raw JSON literal by @gavlyukovskiy in #103

Chores

Fix wildcard usage in jsonpath usage examples by @donavdey in #93
Create ADR for jsonpath support by @donavdey in #95
Make LICENSE file markdown by @Breus in #102
Create SECURITY.md by @Breus in #100
Create CONTRIBUTING.md by @Breus in #101
Create ADR-0004 to support custom value masking strategies by @Breus in #89

Full Changelog: v1.0.0-rc2...v1.0.0-rc3

Contributors

Breus, donavdey, and gavlyukovskiy

Assets 2

13 Mar 17:30

Breus

v1.0.0-rc2 Pre-release

Pre-release

What's Changed

This release does not contain backward incompatible changes besides some bug fixes for edge cases which are extremely unlikely someone would depend on. Furthermore, it adds several additional features for JsonPath support and some performance improvements.

Because of the bug fixes it is recommended to bump from version 1.0.0-rc1 to 1.0.0-rc2.

Finally, in this release the source code is rewritten in way which makes it much easier to read, debug and maintain.

Bug fixes

Fix ArrayIndexOutOfBoundsException when skipping allowed string value with escaped escape character by @gavlyukovskiy in #92
Change MIN_MASKABLE_JSON_LENGTH for actual minimum with a number by @Breus in #61

Functional changes (only additional features)

Implement wildcards lookup by @donavdey in #83
Support arrays in JSONPath keys by @donavdey in #62

Performance improvements

Replace all OR statements with switch case by @gavlyukovskiy in #91
Avoid tracking JsonPath when there are no JsonPath keys by @gavlyukovskiy in #82

Chores

Improve fuzzing tests by @gavlyukovskiy in #63
Use version catalogue for Gradle dependencies by @Breus in #65
Add JsonFormatter, fix top level array masking by @gavlyukovskiy in #71
Refactor main loop and masking in place with visitors by @gavlyukovskiy in #73
Add explicit permission for all pipelines by @gavlyukovskiy in #80
Replace RandomWhiteSpaceInjector to Jackson PrettyPrinter by @AlexeyShary in #79
Remove try parse logic in FuzzingTest, reuse formatter in NoFailingExecutionFuzzingTest by @gavlyukovskiy in #85
Lower json size for jmh by @gavlyukovskiy in #75
Improve baseline implementation for benchmarks by @donavdey in #87
ADR 0002 small improvements and adding draft status to ADR template by @Breus in #90
Make the builder constructors package-private by @gavlyukovskiy in #67
Bump junit from 5.10.1 to 5.10.2 by @dependabot in #68
Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 by @dependabot in #69

New Contributors

@AlexeyShary made their first contribution in #79

Full Changelog: v1.0.0-rc1...v1.0.0-rc2

Contributors

Breus, donavdey, and 3 other contributors

Assets 2

22 Feb 15:16

Breus

v1.0.0-rc1 Pre-release

Pre-release

What's Changed

This release contains backward incompatible changes to refine and extend the API with additional configuration features. This is the first release candidate for the 1.0.0 release which is meant to be the first stable release of the library.

For this release, a discussion will be opened to provide feedback to the API before the final 1.0.0 release. Please feel free to provide your feedback.

Backward incompatible API changes

Added ADR and implementation containing multiple configuration API related changes by @gavlyukovskiy in #47

The API changes are explained and discussed in ADR-2: API design for JSON masking configurations.

Functional changes

Added limited support for JSONPaths as targets by @donavdey in #45

Chores

Add benchmark pipeline by @gavlyukovskiy in #53
Improve test coverage, fix json paths in benchmarks by @gavlyukovskiy in #51
Convert README to markdown by @gavlyukovskiy in #52
Added white space injected no-failed-execution fuzzing test by @Breus in #54
Adjust pipelines to be able to release pre-release versions by @gavlyukovskiy in #55
Improve async-profiler integration by @gavlyukovskiy in #58
Update readme to use latest API by @gavlyukovskiy in #56

Full Changelog: v0.2.1...v1.0.0-rc1

New Contributors

@donavdey made their first contribution in #45

Contributors

Breus, donavdey, and gavlyukovskiy

Assets 2

0 Join discussion

06 Jan 22:35

v0.2.1

What's Changed

This release contains a performance improvements for up to 20 times faster in cases when masking cannot be done in place (json with non-ascii characters, enabling length obfuscation).

Functional changes

None

Performance improvements

Store replacement operations in order to do a single array resize by @gavlyukovskiy in #33
Use fixed seed for benchmarks by @gavlyukovskiy in #34

Chores

Use link with filter on master branch by @gavlyukovskiy in #36
Added benchmark history entry and updated README for v0.2.0 by @Breus in #32
Changed Gradle DSL from Groovy to Kotlin by @Breus in #37
Replaced jUnit assertions with Assertj assertions by @Breus in #38
Add Sonarqube codecoverage by @gavlyukovskiy in #35
Attempt to fix sonar code coverage by @Breus in #39
Removed ignore paths README by @Breus in #42
Add sonar badges by @Breus in #40
Sonar skip compilation by @Breus in #41
Remove vulnerabilities README badge and add correct SonarCloud links by @Breus in #43

Full Changelog: v0.2.0...v0.2.1

Contributors

Breus and gavlyukovskiy

Assets 2

02 Jan 12:26

Breus

v0.2.0

What's Changed

Note: This release is backward incompatible with v0.1.0!

Compared to v0.1.0, everything that used to be masked is still masked, but since v0.2.0 adds support for array/object masking, additional values might be masked. Concretely, (nested) array elements and all values in a (nested) JSON object are masked if the array/object corresponds to a target JSON key.

Nonetheless, since this is a 0.x release, this won't result in a new major release.

Functional changes

Add support for array and object masking by @Breus in #18

Performance improvements

Use a Trie for key matching by @gavlyukovskiy in #19
Use bytes instead of character inside the Trie so it can run faster by @gavlyukovskiy in #26
Use if and ranges for comparison by @gavlyukovskiy in #25
Use trie in allow mode as well by @gavlyukovskiy in #22

Correctness (tests and small bug fixes)

Added fuzzing testing for case sensitivity by @Breus in #30
Added fuzzing testing for obfuscation length and fixed some edge case bugs found with it by @Breus in #29
Created fuzzing against Jackson for default configurations and fixed multiple small bugs found with it by @Breus in #28
Finished failure fuzzing testing and fixed a bug in KeyContainsMasker by @Breus in https://github.com/Breus/json-masker/pull/27|
Use UTF-8 encoding when creating a key to match by @gavlyukovskiy in https://github.com/Breus/json-masker/pull/21\

(Additional) benchmarks

Add a regex benchmark for comparison by @gavlyukovskiy in #23
Fixed benchmarks to use generated JSONs by @gavlyukovskiy in #17
Rework benchmarks to use different jsons by @gavlyukovskiy in #14

Code clean-up

Moving SingleTargetMasker to tests by @gavlyukovskiy in #13
Split Trie from KeyContainsMasker, added tests and docs by @Breus in #20

Dependency-related changes

Make JSR-305 dependency compileOnly and specify UTF-8 encoding for Ja… by @Breus in #7
Bump me.champeau.jmh from 0.7.1 to 0.7.2 by @dependabot in #9
Bump com.fasterxml.jackson.core:jackson-databind from 2.15.1 to 2.15.3 by @dependabot in #10
Bump jUnitVersion from 5.10.0 to 5.10.1 by @dependabot in #8
Added feature capability for nullability annotations to mark them as optional in POM by @gavlyukovskiy in #11
Updated Gradle version to 8.4 by @Breus in #12
Bump com.fasterxml.jackson.core:jackson-databind from 2.15.3 to 2.16.0 by @dependabot in #16
Bump com.fasterxml.jackson.core:jackson-databind from 2.16.0 to 2.16.1 by @dependabot in #31

Full Changelog: v0.1.0...v0.2.0

Contributors

Breus, gavlyukovskiy, and dependabot

Assets 2

08 Oct 18:57

Breus

v0.1.0 Pre-release

Pre-release

First alpha release of JSON masker to check

What's Changed

Made JSON masker non recursive by @RobertBlaauwendraad in #1
Feature obfuscation length by @RobertBlaauwendraad in #2
Implemented keys contains algorithm, first try by @Breus in #3
Feature support character escaping by @Breus in #4
Path aware JSON algorithm set-up (not implemented yet) by @Breus in #5
Added GitHub actions pipelines for building and releasing by @gavlyukovskiy in #6

New Contributors

@RobertBlaauwendraad made their first contribution in #1
@Breus made their first contribution in #3
@gavlyukovskiy made their first contribution in #6

Full Changelog: https://github.com/Breus/json-masker/commits/v0.1.0

Contributors

Breus, gavlyukovskiy, and RobertBlaauwendraad

Assets 2