diff options
author | Marc-Andre Lafortune <github@marc-andre.ca> | 2020-06-30 02:29:19 -0400 |
---|---|---|
committer | Marc-Andre Lafortune <github@marc-andre.ca> | 2020-06-30 02:30:54 -0400 |
commit | 9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5 (patch) | |
tree | e84d25f90f31b86513128a7a1e9bf5d1ca1d0ade /CHANGES.md | |
parent | f8fa987de568b11cfea27d44486b0377d83d0e4b (diff) | |
download | json-9e2a1fb7d8193dfae67ed70a6f531dd4e4b5f0d5.tar.gz |
Make changes more precise [#424]
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1,7 +1,10 @@ # Changes ## 2019-12-11 (2.3.0) - * Fix default of `create_additions` to always be false [CVE-2020-10663] + * Fix default of `create_additions` to always be `false` for `JSON(user_input)` + and `JSON.parse(user_input, nil)`. + Note that `JSON.load` remains with default `true` and is meant for internal + serialization of trusted data. [CVE-2020-10663] * Fix passing args all #to_json in json/add/*. * Fix encoding issues * Fix issues of keyword vs positional parameter |