DD4T.Model 2.6 released

Today, version 2.6 of DD4T.Model was released. It contains bug fixes and security patches. Most important changes:

  • Fixed a bug with the serialization of keywords, reported on Stackexchange (https://tridion.stackexchange.com/questions/21828/upgrade-to-tridion-9-5-and-net-dd4t-2-5-producing-error-with-ikeyword-on-dynami)
  • Upgraded Newtonsoft.JSON to 13.0.1 (with improved security)

Note that, starting with version 13.0.1, Newtonsoft uses a maximum (de)serialization depth of 64. This addresses a security issue, because attackers could try to let your application deserialize an extremely complex JSON string, which would probably bring down your application.

DD4T raises the maximum depth to 128 by default, which should be enough for almost every implementation. If you have very complex schemas, or if you set the linkLevel to a very high value, you could theorically require an even higher maximum. If this happens, you will see this error:

Newtonsoft: Getting “The reader’s MaxDepth of 64 has been exceeded

You can fix it by adding an appSetting to your Web.config with the key DD4T.JsonSerializerMaxDepth.

 

Serializable models

The DD4T models are now all marked as Serializable. This means you could store them on a disk, or in a cloud-based storage medium. Why is this important? Well, for example, you could create a caching agent which caches the DD4T models in Redis, Azure Storage or Mongo. Distributed caching for DD4T! More about this in a future post, I hope.