ruby-changes:28448
From: charliesome <ko1@a...>
Date: Sat, 27 Apr 2013 23:54:47 +0900 (JST)
Subject: [ruby-changes:28448] charliesome:r40500 (trunk): * lib/yaml.rb: add security warning to YAML documentation
charliesome 2013-04-27 23:54:37 +0900 (Sat, 27 Apr 2013) New Revision: 40500 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=40500 Log: * lib/yaml.rb: add security warning to YAML documentation Modified files: trunk/ChangeLog trunk/lib/yaml.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 40499) +++ ChangeLog (revision 40500) @@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sat Apr 27 23:53:00 2013 Charlie Somerville <charlie@c...> + + * lib/yaml.rb: add security warning to YAML documentation + Sat Apr 27 23:25:00 2013 Zachary Scott <zachary@z...> * lib/yaml.rb: Documentation for YAML module [Bug #8213] Index: lib/yaml.rb =================================================================== --- lib/yaml.rb (revision 40499) +++ lib/yaml.rb (revision 40500) @@ -73,6 +73,10 @@ end https://github.com/ruby/ruby/blob/trunk/lib/yaml.rb#L73 # YAML.dump("foo") # => "--- foo\n...\n" # { :a => 'b'}.to_yaml # => "---\n:a: b\n" # +# Do not use YAML to load untrusted data. Doing so is unsafe and could allow +# malicious input to execute arbitrary code inside your application. Please see +# doc/security.rdoc for more information. +# # For more advanced details on the implementation see Psych, and also check out # yaml.org for spec details and other helpful information. module YAML; end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
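Review bot: In the lib/yaml.rb hunk (@@ -73,6 +73,10 @@), the added warning "Do not use YAML to load untrusted data" does not name the calls it applies to, and the context lines directly above it show only YAML.dump and to_yaml, which serialize rather than load. Suggest naming the loading entry point in the sentence itself, for example "Do not use YAML.load on untrusted data", so a reader scanning the examples can tell which direction is the dangerous one. The comment also points to doc/security.rdoc, but this revision lists only trunk/ChangeLog and trunk/lib/yaml.rb under Modified files; please confirm that file is already in trunk and covers YAML, otherwise the reference leads nowhere.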