
ruby-changes:28448

From: charliesome <ko1@a...>
Date: Sat, 27 Apr 2013 23:54:47 +0900 (JST)
Subject: [ruby-changes:28448] charliesome:r40500 (trunk): * lib/yaml.rb: add security warning to YAML documentation

charliesome	2013-04-27 23:54:37 +0900 (Sat, 27 Apr 2013)

  New Revision: 40500

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=40500

  Log:
    * lib/yaml.rb: add security warning to YAML documentation

  Modified files:
    trunk/ChangeLog
    trunk/lib/yaml.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 40499)
+++ ChangeLog	(revision 40500)
@@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sat Apr 27 23:53:00 2013  Charlie Somerville  <charlie@c...>
+
+	* lib/yaml.rb: add security warning to YAML documentation
+
 Sat Apr 27 23:25:00 2013  Zachary Scott  <zachary@z...>
 
 	* lib/yaml.rb: Documentation for YAML module [Bug #8213]
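Review bot: The new ChangeLog entry carries no ticket reference, while the entry directly below it cites [Bug #8213]. If this warning was prompted by a tracked issue, cite it the same way so the security rationale can be found from the log. The entry could also say that the warning points readers to doc/security.rdoc, since that is the only place the details live.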
Index: lib/yaml.rb
===================================================================
--- lib/yaml.rb	(revision 40499)
+++ lib/yaml.rb	(revision 40500)
@@ -73,6 +73,10 @@ end https://github.com/ruby/ruby/blob/trunk/lib/yaml.rb#L73
 #     YAML.dump("foo")     # => "--- foo\n...\n"
 #     { :a => 'b'}.to_yaml  # => "---\n:a: b\n"
 #
+# Do not use YAML to load untrusted data. Doing so is unsafe and could allow
+# malicious input to execute arbitrary code inside your application. Please see
+# doc/security.rdoc for more information.
+#
 # For more advanced details on the implementation see Psych, and also check out
 # yaml.org for spec details and other helpful information.
 module YAML; end
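Review bot: The added warning says "Do not use YAML to load untrusted data" but never names the call that does the loading, and the examples immediately above it show only YAML.dump and to_yaml, which are the serializing side. Name the loading entry points explicitly in the warning so a reader can grep their code for them, and say that it is deserializing attacker-supplied input, not dumping, that can lead to arbitrary code execution. Also, "doc/security.rdoc" is a source-tree path, so a reader of the generated documentation has nothing to follow; a cross-reference that resolves in the rendered docs would make the pointer usable.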

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
