Is System.Text.Json 8.0.4 version is backward compatible with 8.0.3 version

[kogoel]

Steps:

1. Created a nuget package using .netstandard 2.1 named XYZ_version_1.nupkg which is internally using System.Text.Json(8.0.3)
2. It is serializing a object and copying the same into xyz.txt file.
3. Due to vulnerability in System.Text.Json(8.0.3), we have to upgrade to System.Text.Json(8.0.4) in our XYZ_version_1.nupkg so created a new version XYZ_version_2.nupkg
4. But the file which was already created using XYZ_version_1.nupkg is not correctly de-serialized and not getting the original object.

Please suggest whether the 8.0.4 version is backward compatible with 8.0.3

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-text-json, @gregsdennis
See info in area-owners.md if you want to be subscribed.

[huoyaoyuan]

Patch versions only include bug and security fixes and are always backward compatible. System.Text.Json 8.0.4 only includes a security guard for IAsyncEnumerable deserialization and no other behavior has changed.

[eiriktsarpalis]

It's absolutely the case that 8.0.4 only includes a security patch specifically addressing buffering issues in the DeserializeAsyncEnumerable methods. It should have no impact on how objects serialize or deserialize from JSON.

That being said, if you have a minimal repro showcasing that this is not the case we would be happy to take a look at that.