All Versions
Latest Version
Avg Release Cycle
275 days
Latest Release
732 days ago

Changelog History
Page 1

  • v0.16 Changes

    April 13, 2022

    ๐Ÿšš Deprecated and removed features:

    • Direct access to lh_table and lh_entry structure members is deprecated.
      Use access functions instead, lh_table_head(), lh_entry_next(), etc...
    • โฌ‡๏ธ Drop REFCOUNT_DEBUG code.

    ๐Ÿ†• New features

    • ๐Ÿš€ The 0.16 release introduces no new features

    ๐Ÿ— Build changes

    • Add a DISABLE_EXTRA_LIBS option to skip using libbsd
    • Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.

    ๐Ÿ›  Significant changes and bug fixes

    • Cap string length at INT_MAX to avoid various issues with very long strings.
    • json_object_deep_copy: fix deep copy of strings containing '\0'
    • ๐Ÿ›  Fix read past end of buffer in the "json_parse" command
    • ๐Ÿ–จ Avoid out of memory accesses in the locally provided vasprintf() function (for those platforms that use it)
    • Handle allocation failure in json_tokener_new_ex
    • Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
    • ๐Ÿ–จ printbuf_memset(): set gaps to zero - areas within the print buffer which have not been initialized by using printbuf_memset
    • ๐Ÿ–จ printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
    • ๐Ÿ–จ sprintbuf(): propagate printbuf_memappend errors back to the caller


    • ๐Ÿ“œ Speed up parsing by replacing ctype functions with simplified, faster non-locale-sensitive ones in json_tokener and json_object_to_json_string.
    • Neither vertical tab nor formfeed are considered whitespace per the JSON spec
    • json_object: speed up creation of objects, calloc() -> malloc() + set fields
    • Avoid needless extra strlen() call in json_c_shallow_copy_default() and json_object_equal() when the object is known to be a json_type_string.

    Other changes

    • Validate size arguments in arraylist functions.
    • ๐Ÿ‘‰ Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c very early during boot, such as part of cryptsetup.
    • ๐Ÿ‘‰ Use arc4random() if it's available.
    • ๐Ÿ‘€ random_seed: on error, continue to next method instead of exiting the process
    • Close file when unable to read from /dev/urandom in get_dev_random_seed()

  • v0.15 Changes

    July 26, 2020

    ๐Ÿšš Deprecated and removed features:

    • Deprecate array_list_new() in favor of array_list_new2()
    • Remove the THIS_FUNCTION_IS_DEPRECATED define.
    • โœ‚ Remove config.h.win32

    ๐Ÿ†• New features

    • Add a JSON_TOKENER_ALLOW_TRAILING_CHARS flag to allow multiple objects to be parsed even when JSON_TOKENER_STRICT is set.
    • Add json_object_new_array_ext(int) and array_list_new_2(int) to allow arrays to be allocated with the exact size needed, when known.
    • Add json_object_array_shrink() (and array_list_shrink()) and use it in json_tokener to minimize the amount of memory used.
    • โž• Add a json_parse binary, for use in testing changes (not installed, but available in the apps directory).

    ๐Ÿ— Build changes

    • #639/#621 - Add symbol versions to all exported symbols
    • #508/#634 - Always enable -fPIC to allow use of the json-c static library in other libraries
    • ๐Ÿ— Build both static and shared libraries at the same time.
    • โช #626 - Restore compatibility with cmake 2.8
    • #471 - Always create directories with mode 0755, regardless of umask.
    • ๐Ÿ‘ #606/#604 - Improve support for OSes like AIX and IBM i, as well as for MINGW32 and old versions of MSVC
    • #451/#617 - Add a DISABLE_THREAD_LOCAL_STORAGE cmake option to disable the use of thread-local storage.

    ๐Ÿ›  Significant changes and bug fixes

    • Split the internal json_object structure into several sub-types, one for each json_type (json_object_object, json_object_string, etc...). This improves memory usage and speed, with the benchmark under bench/ report 5.8% faster test time and 6%(max RSS)-12%(peak heap) less memory usage. Memory used just for json_object structures decreased 27%, so use cases with fewer arrays and/or strings would benefit more.
    • Minimize memory usage in array handling in json_tokener by shrinking arrays to the exact number of elements parsed. On bench/ benchmark: 9% faster test time, 39%(max RSS)-50%(peak heap) less memory usage. Add json_object_array_shrink() and array_list_shrink() functions.
    • ๐Ÿ“œ #616 - Parsing of surrogate pairs in unicode escapes now properly handles incremental parsing.
    • ๐Ÿ›  Fix incremental parsing of numbers, especially those with exponents, e.g. so parsing "[0", "e+", "-]" now properly returns an error. Strict mode now rejects missing exponents ("0e").
    • Successfully return number objects at the top level even when they are followed by a "-", "." or "e". This makes parsing things like "123-45" behave consistently with things like "123xyz".

    Other changes

    • #589 - Detect broken RDRAND during initialization; also, fix segfault in the CPUID check.
    • โช #592 - Fix integer overflows to prevert out of bounds write on large input.
    • Protect against division by zero in linkhash, when created with zero size.
    • ๐Ÿ“œ #602 - Fix json_parse_uint64() internal error checking, leaving the retval untouched in more failure cases.
    • #614 - Prevent truncation when custom double formatters insert extra \0's

  • v0.14 Changes

    April 14, 2020

    ๐Ÿšš Deprecated and removed features:

    • ๐Ÿšš bits.h has been removed
    • ๐Ÿšš lh_abort() has been removed
    • lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
    • โœ‚ Remove TRUE and FALSE defines, use 1 and 0 instead.

    ๐Ÿ— Build changes:

    ๐Ÿšš Deprecated and removed features:

    • ๐Ÿšš bits.h has been removed
    • ๐Ÿšš lh_abort() has been removed
    • lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
    • โœ‚ Remove TRUE and FALSE defines, use 1 and 0 instead.
    • ๐Ÿ‘€ autoconf support, including, has been removed. See details about cmake, below.
    • With the addition of json_tokener_get_parse_end(), access to internal fields of json_tokener, as well as use of many other symbols and types in json_tokener.h, is deprecated now.
    • ๐Ÿ— The use of to build for Android no longer works, and it is unknown how (or if) the new cmake-based build machinery can be used.
      • Reports of success, or pull requests to correct issues are welcome.

    Notable improvements and new features

    ๐Ÿ“š Builds and documentation

    • ๐Ÿ— Build machinery has been switched to CMake. See for details about how to build.
      • TL;DR: mkdir build ; cd build ; cmake -DCMAKE_INSTALL_PREFIX=/some/path ../json-c ; make all test install
      • To ease the transition, there is a cmake-configure wrapper that emulates the old autoconf-based configure script.
      • This has enabled improvements to the build on Windows system; also all public functions have been fixed to be properly exported. For best results, use Visual Studio 2015 or newer.
    • ๐Ÿ’… The json-c style guide has been updated to specify the use of clang-format, and all code has been reformatted.
      • Since many lines of code have trivial changes now, when using git blame, be sure to specify -w
    • ๐Ÿ“š Numerous improvements have been made to the documentation including function effects on refcounts, when passing a NULL is safe, and so on.

    json_tokener changes

    • Added a json_tokener_get_parse_end() function to replace direct access of tok->char_offset.
      • The char_offset field, and the rest of the json_tokener structure remain exposed for now, but expect a future release to hide it like is done with json_object_private.h
    • json_tokener_parse_ex() now accepts a new JSON_TOKENER_VALIDATE_UTF8 flag to validate that input is UTF8.
      • If validation fails, json_tokener_get_error(tok) will return json_tokener_error_parse_utf8_string (see enum json_tokener_error).

    Other changes and additions

    • โž• Add support for unsigned 64-bit integers, uint64_t, to gain one extra bit of magnitude for positive ints.
      • json_tokener will now parse values up to UINT64_MAX (18446744073709551615)
      • Existing methods returning int32_t or int64_t will cap out-of-range values at INT32_MAX or INT64_MAX, preserving existing behavior.
      • The implementation includes the possibility of easily extending this to larger sizes in the future.
    • A total of 7 new functions were added:
      • json_object_get_uint64 ( struct json_object const* jso )
      • json_object_new_uint64 ( uint64_t i )
      • json_object_set_uint64 ( struct json_object* jso, uint64_t new_value )
      • json_parse_uint64 ( char const* buf, uint64_t* retval )
        • See description of uint64 support, above.
      • json_tokener_get_parse_end ( struct json_tokener* tok )
        • See details under "json_tokener changes", above.
      • json_object_from_fd_ex ( int fd, int in_depth )
        • Allows the max nesting depth to be specified.
      • json_object_new_null ( )
        • Simply returns NULL. Its use is not recommended.
    • The size of struct json_object has decreased from 96 bytes to 88 bytes.

    โœ… Testing

    • โšก๏ธ Many updates were made to test cases, increasing code coverage.
    • โœ… There is now a quick way (JSONC_TEST_TRACE=1) to turn on shell tracing in tests.
    • โœ… To run tests, use make test; the old "check" target no longer exists.

    ๐Ÿ›  Significant bug fixes

    For the full list of issues and pull requests since the previous release, please see

    • Issue #389: Add an assert to explicitly crash when _ref_count is corrupted, instead of a later "double free" error.
    • ๐Ÿ“œ Issue #407: fix incorrect casts in calls to ctype functions (isdigit and isspace) so we don't crash when asserts are enabled on certain platforms and characters > 128 are parsed.
    • Issue #418: Fix docs for json_util_from_fd and json_util_from_file to say that they return NULL on failures.
    • Issue #422: json_object.c:set errno in json_object_get_double() when called on a json_type_string object with bad content.
    • Issue #453: Fixed misalignment in JSON serialization when JSON_C_TO_STRING_SPACED and JSON_C_TO_STRING_PRETTY are used together.
    • Issue #463: fix newlocale() call to use LC_NUMERIC_MASK instead of LC_NUMERIC, and remove incorrect comment.
    • Issue #486: append a missing ".0" to negative double values to ensure they are serialized as floating point numbers.
    • ๐Ÿ Issue #488: use JSON_EXPORT on functions so they are properly exported on Windows.
    • Issue #539: use an internal-only serializer function in json_object_new_double_s() to avoid potential conflicts with user code that uses the json_object_userdata_to_json_string serializer.

  • v0.13.1 Changes

    March 04, 2018
    • โฌ†๏ธ Bump the major version of the .so library generated up to 4.0 to avoid conflicts because some downstream packagers of json-c had already done their own bump to ".so.3" for a much older 0.12 release.
    • Add const size_t json_c_object_sizeof()
    • ๐Ÿ†“ Avoid invalid free (and thus a segfault) when ref_count gets < 0
    • PR#394: fix handling of custom double formats that include a ".0"
    • Avoid uninitialized variable warnings in json_object_object_foreach
    • ๐Ÿ— Issue #396: fix build for certain uClibc based systems.
    • โž• Add a top level fuzz directory for fuzzers run by OSS-Fuzz
  • v0.13.1-20180305

    March 06, 2018
  • v0.13 Changes

    November 29, 2017

    ๐Ÿš€ This release, being three and a half years after the 0.12 branch (f84d9c), has quite a number of changes included. The following is a sampling of the most significant ones.

    ๐Ÿš€ Since the 0.12 release, 250 issues and pull requests have been closed. See for a complete list.

    ๐Ÿšš Deprecated and removed features:

    • ๐Ÿšš All internal use of bits.h has been eliminated. The file will be removed. Do not use: hexdigit(), error_ptr(), error_descrition() and it_error()
    • ๐Ÿšš lh_abort() is deprecated. It will be removed.

    Behavior changes:

    • ๐Ÿšฉ Tighten the number parsing algorithm to raise errors instead of truncating the results. For example 12.3.4 or 2015-01-15, which now return null. See commit 99d8fc

    • Use size_t for array length and size. Platforms where sizeof(size_t) != sizeof(int) may not be backwards compatible See commits 45c56b, 92e9a5 and others.

    • Check for failure when allocating memory, returning NULL and errno=ENOMEM. See commit 2149a04.

    • Change json_object_object_add() return type from void to int, and will return -1 on failures, instead of exiting. (Note: this is not an ABI change)

    ๐Ÿ†• New features:

    • We're aiming to follow RFC 7159 now.

    • Add a couple of additional option to json_object_to_json_string_ext: JSON_C_TO_STRING_PRETTY_TAB JSON_C_TO_STRING_NOSLASHESCAPE

    • Add a json_object_object_add_ex() function to allow for performance improvements when certain constraints are known to be true.

    • ๐Ÿ”ง Make serialization format of doubles configurable, in two different ways: Call json_object_set_serializer with json_object_double_to_json_string and a custom format on each double object, or Call json_c_set_serialization_double_format() to set a global or thread-wide format.

    • Add utility function for comparing json_objects - json_object_equal()

    • Add a way to copy entire object trees: json_object_deep_copy()

    • Add json_object_set_ function to modify the value of existing json_object's without the need to recreate them. Also add a json_object_int_inc function to adjust an int's value.

    • โž• Add support for JSON pointer, RFC 6901. See json_pointer.h

    • Add a json_util_get_last_err() function to retrieve the string describing the cause of errors, instead of printing to stderr.

    • Add perllike hash function for strings, and json_global_set_string_hash() 8f8d03d

    • Add a json_c_visit() function to provide a way to iterate over a tree of json-c objects.

    ๐Ÿ›  Notable bug fixes and other improvements:

    • ๐Ÿ‘‰ Make reference increment and decrement atomic to allow passing json objects between threads.
    • Fix json_object_object_foreach to avoid uninitialized variable warnings.
    • ๐Ÿ‘Œ Improve performance by removing unneeded data items from hashtable code and reducing duplicate hash computation.
    • ๐Ÿ‘Œ Improve performance by storing small strings inside json_object
    • Improve performance of json_object_to_json_string by removing variadic printf. commit 9ff0f49
    • ๐Ÿ“œ Issue #371: fix parsing of "-Infinity", and avoid needlessly copying the input when doing so.
    • Fix stack buffer overflow in json_object_double_to_json_string_format() - commit 2c2deb87
    • ๐Ÿ›  Fix various potential null ptr deref and int32 overflows
    • Issue #332: fix a long-standing bug in array_list_put_idx() where it would attempt to free previously free'd entries due to not checking the current array length.
    • ๐Ÿ‘ Issue #195: use uselocale() instead of setlocale() in json_tokener to behave better in threaded environments.
    • Issue #275: fix out of bounds read when handling unicode surrogate pairs.
    • Ensure doubles that happen to be a whole number are emitted with ".0" - commit ca7a19
    • ๐Ÿ–จ PR#331: for Visual Studio, use a snprintf/vsnprintf wrapper that ensures the string is terminated.
    • Fix double to int cast overflow in json_object_get_int64.
    • Clamp double to int32 when narrowing in json_object_get_int.
    • ๐Ÿ“œ Use strtoll() to parse ints - instead of sscanf
    • โš  Miscellaneous smaller changes, including removing unused variables, fixing warning about uninitialized variables adding const qualifiers, reformatting code, etc...

    ๐Ÿ— Build changes:

    • โž• Add Appveyor and Travis build support
    • ๐Ÿ Switch to using CMake when building on Windows with Visual Studio. A dynamic .dll is generated instead of a .lib config.h is now generated, config.h.win32 should no longer be manually copied
    • โž• Add support for MacOS through CMake too.
    • ๐Ÿ— Enable silent build by default
    • ๐Ÿ”— Link against libm when needed
    • โž• Add support for building with AddressSanitizer
    • โž• Add support for building with Clang
    • ๐Ÿ”€ Add a --enable-threading configure option, and only use the (slower) sync_add_and_fetch()/sync_sub_and_fetch() function when it is specified.

    List of new functions added:


    • array_list_bsearch()
    • array_list_del_idx()
    • json_object_to_json_string_length()
    • json_object_get_userdata()
    • json_object_set_userdata()
    • json_object_object_add_ex()
    • json_object_array_bsearch()
    • json_object_array_del_idx()
    • json_object_set_boolean()
    • json_object_set_int()
    • json_object_int_inc()
    • json_object_set_int64()
    • json_c_set_serialization_double_format()
    • json_object_double_to_json_string()
    • json_object_set_double()
    • json_object_set_string()
    • json_object_set_string_len()
    • json_object_equal()
    • json_object_deep_copy()


    • json_pointer_get()
    • json_pointer_getf()
    • json_pointer_set()
    • json_pointer_setf()


    • json_object_from_fd()
    • json_object_to_fd()
    • json_util_get_last_err()


    • json_c_visit()

    ๐Ÿ”— linkhash.h

    • json_global_set_string_hash()
    • lh_table_resize()

    ๐Ÿ–จ printbuf.h

    • ๐Ÿ–จ printbuf_strappend()
  • v0.13-20171207

    December 07, 2017
  • v0.12.1 Changes

    June 07, 2016
    • Minimal changes to address compile issues.
  • v0.12.1-20160607

    June 07, 2016
  • v0.12 Changes

    April 11, 2014
    • Address security issues:

      • CVE-2013-6371: hash collision denial of service
      • CVE-2013-6370: buffer overflow if size_t is larger than int
    • Avoid potential overflow in json_object_get_double

    • Eliminate the mc_abort() function and MC_ABORT macro.

    • Make the json_tokener_errors array local. It has been deprecated for a while, and json_tokener_error_desc() should be used instead.

    • change the floating point output format to %.17g so values with more than 6 digits show up in the output.

    • Remove the old name compatibility support. The library is only created as now and headers are only installed into the ${prefix}/json-c directory.

    • When supported by the linker, add the -Bsymbolic-functions flag.

    • Various changes to fix the build on MSVC.

    • Make strict mode more strict:

      • number must not start with 0
      • no single-quote strings
      • no comments
      • trailing char not allowed
      • only allow lowercase literals
    • Added a json_object_new_double_s() convenience function to allow an exact string representation of a double to be specified when creating the object and use it in json_tokener_parse_ex() so a re-serialized object more exactly matches the input.

    • Add support NaN and Infinity