What’s New in fastjson 1.2.68? Security Enhancements, GeoJSON Support, and Bug Fixes

fastjson 1.2.68 has been released as a bug‑fix and security‑hardening version, adding an autoType blacklist. Users already on 1.2.67 or any sec09 version who have not explicitly enabled autoType do not need to upgrade solely for security.

The release introduces a safeMode configuration; when enabled, autoType is disabled regardless of whitelist or blacklist settings.

It also adds native support for GeoJSON . Documentation: https://github.com/alibaba/fastjson/wiki/geojson_cn

Key Issues Fixed and Features Added

Built‑in support for GeoJSON (https://github.com/alibaba/fastjson/wiki/geojson_cn)

Fixed incorrect results in JSONObject.toJavaObject under certain scenarios introduced in 1.2.67.

Added AutTypeCheckHandler to ParserConfig for custom security checks.

Resolved jsonpath bugs for .max and .min support (#3066).

Corrected inconsistent behavior of JSONObject.containsKey with Number values compared to getObject (#3093).

Improved generic support for Map.Entry.

Introduced an autoType blacklist.

Provided the safeMode configuration (https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

For full release details, see: https://github.com/alibaba/fastjson/releases/tag/1.2.68