Gson 2.2.3 released

[Inderjeet Singh]

Hi All,

We are happy to announce a new release of Gson, version 2.2.3. This is a minor release but with a critical bug fix. All users, especially those that use Gson on server-side, are recommended to upgrade to this version. Here is a summary of changes:

• Fixed a denial of service attack when using Gson DOM elements (JsonElement and its subclasses). This attack is common to all public uses of HashMap that use String keys. Certain malicious input can cause HashMap to send all objects to the same hash bucket and can dramatically slow down map operations. Gson fixes this by using a custom LinkedHashTreeMap that doesn't have this problem.
• Fixed issue 509 to correctly handle fields of type EnumSet
• Documentation fixes: Issue 498 and 463

The release is pushed out to Maven Central and is also available for download from Gson's download page:

http://code.google.com/p/google-gson/downloads/list

If you run into issues specific to this release, please post them as responses to this thread.

Jesse, Joel & Inder