author: Florian Frank <flori@ping.de> 2013-02-04 23:28:30 +0100
committer: Florian Frank <flori@ping.de> 2013-02-11 19:08:20 +0100
commit: d0a62f3ced7560daba2ad546d83f0479a5ae2cf2
tree: 5405697053a6daba987c3dbd18a5aece25ebdee1 /CHANGES
parent: 771e08b7a96c5d4c962e3e2f258df2f680c60dc0
Security fix create_additions/JSON::GenericObject (v1.7.7)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 8
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a8c0b35..e3d12a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
2013-02-04 (1.7.7)
+ * Security fix for JSON create_additions default value and
+ JSON::GenericObject. It should not be possible to create additions unless
+ explicitely requested by setting the create_additions argument to true or
+ using the JSON.load/dump interface. If JSON::GenericObject is supposed to
+ be automatically deserialised, this has to be explicitely enabled by
+ setting
+ JSON::GenericObject.json_createble = true
+ as well.
* Remove useless assert in fbuffer implementation.
* Apply patch attached to https://github.com/flori/json/issues#issue/155
provided by John Shahid <jvshahid@gmail.com>, Thx!
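
Review bot: The opt-in line in the new 1.7.7 entry spells the setter "JSON::GenericObject.json_createble = true", which looks like a misspelling of "creatable"; please confirm it matches the accessor name actually defined on JSON::GenericObject, because users will copy this line verbatim to re-enable automatic deserialisation and a wrong name would fail for them. "explicitely" also appears twice in the added text and should read "explicitly". Since this is the security entry for the release, it would help to say outright that the default for create_additions has changed for callers who do not pass the argument, so that anyone relying on the old behaviour knows they must either pass create_additions as true or switch to the JSON.load/dump interface.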