diff options
| author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-06-30 20:08:18 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-30 20:08:18 +0900 |
| commit | 7cc9301acae27438b32b0cb21d7ff8c3cb07792c (patch) | |
| tree | e84d25f90f31b86513128a7a1e9bf5d1ca1d0ade | |
| parent | f8fa987de568b11cfea27d44486b0377d83d0e4b (diff) | |
| parent | 9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5 (diff) | |
| download | json-7cc9301acae27438b32b0cb21d7ff8c3cb07792c.tar.gz | |
Merge pull request #428 from marcandre/change_fix
Make changes more precise [#424]
| -rw-r--r-- | CHANGES.md | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1,7 +1,10 @@ # Changes ## 2019-12-11 (2.3.0) - * Fix default of `create_additions` to always be false [CVE-2020-10663] + * Fix default of `create_additions` to always be `false` for `JSON(user_input)` + and `JSON.parse(user_input, nil)`. + Note that `JSON.load` remains with default `true` and is meant for internal + serialization of trusted data. [CVE-2020-10663] * Fix passing args all #to_json in json/add/*. * Fix encoding issues * Fix issues of keyword vs positional parameter |