archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-15 08:33:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ruby/ext/json/parser
History
Jean Boussier f2b8829df0 Deprecate unsafe default options of JSON.load 
[Feature #19528]

Ref: https://bugs.ruby-lang.org/issues/19528

`load` is understood as the default method for serializer kind of libraries, and
the default options of `JSON.load` has caused many security vulnerabilities over the
years.

The plan is to do like YAML/Psych, deprecate these default options and direct
users toward using `JSON.unsafe_load` so at least it's obvious it should be
used against untrusted data.
2024-11-01 13:04:24 +09:00
..
depend ruby tool/update-deps --fix 2024-04-27 21:55:28 +09:00
extconf.rb Use frozen string literals 2024-10-26 18:44:15 +09:00
parser.c Deprecate unsafe default options of JSON.load 2024-11-01 13:04:24 +09:00
parser.h Deprecate unsafe default options of JSON.load 2024-11-01 13:04:24 +09:00
parser.rl Deprecate unsafe default options of JSON.load 2024-11-01 13:04:24 +09:00
prereq.mk ext/json/parser/prereq.mk: fix warnings for code generated by ragel 2021-05-18 23:26:03 +09:00