diff options
author | Florian Frank <flori@ping.de> | 2013-02-04 23:28:30 +0100 |
---|---|---|
committer | Florian Frank <flori@ping.de> | 2013-02-11 19:08:20 +0100 |
commit | d0a62f3ced7560daba2ad546d83f0479a5ae2cf2 (patch) | |
tree | 5405697053a6daba987c3dbd18a5aece25ebdee1 /CHANGES | |
parent | 771e08b7a96c5d4c962e3e2f258df2f680c60dc0 (diff) | |
download | json-d0a62f3ced7560daba2ad546d83f0479a5ae2cf2.tar.gz |
Security fix create_additons/JSON::GenericObjectv1.7.7
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1,4 +1,12 @@ 2013-02-04 (1.7.7) + * Security fix for JSON create_additions default value and + JSON::GenericObject. It should not be possible to create additions unless + explicitely requested by setting the create_additions argument to true or + using the JSON.load/dump interface. If JSON::GenericObject is supposed to + be automatically deserialised, this has to be explicitely enabled by + setting + JSON::GenericObject.json_createble = true + as well. * Remove useless assert in fbuffer implementation. * Apply patch attached to https://github.com/flori/json/issues#issue/155 provided by John Shahid <jvshahid@gmail.com>, Thx! |