Make changes more precise [#424]

author: Marc-Andre Lafortune <github@marc-andre.ca> 2020-06-30 02:29:19 -0400
committer: Marc-Andre Lafortune <github@marc-andre.ca> 2020-06-30 02:30:54 -0400
commit: 9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5 (patch)
tree: e84d25f90f31b86513128a7a1e9bf5d1ca1d0ade /CHANGES.md
parent: f8fa987de568b11cfea27d44486b0377d83d0e4b (diff)
download: json-9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 89c026b..efd7477 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,7 +1,10 @@
 # Changes
 
 ## 2019-12-11 (2.3.0)
- * Fix default of `create_additions` to always be false [CVE-2020-10663]
+ * Fix default of `create_additions` to always be `false` for `JSON(user_input)`
+   and `JSON.parse(user_input, nil)`.
+   Note that `JSON.load` remains with default `true` and is meant for internal
+   serialization of trusted data. [CVE-2020-10663]
  * Fix passing args all #to_json in json/add/*.
  * Fix encoding issues
  * Fix issues of keyword vs positional parameter
author	Marc-Andre Lafortune <github@marc-andre.ca>	2020-06-30 02:29:19 -0400
committer	Marc-Andre Lafortune <github@marc-andre.ca>	2020-06-30 02:30:54 -0400
commit	9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5 (patch)
tree	e84d25f90f31b86513128a7a1e9bf5d1ca1d0ade /CHANGES.md
parent	f8fa987de568b11cfea27d44486b0377d83d0e4b (diff)
download	json-9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5.tar.gz