mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/ext
Aaron Patterson c7c2ad5749
[ruby/psych] Introduce Psych.unsafe_load
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f
2021-05-17 11:20:45 +09:00
-test- dependency updates 2021-04-13 14:30:21 +09:00
bigdecimal Fix -Wundef warnings for patterns #if HAVE 2021-05-04 14:56:55 +02:00
cgi/escape Fix -Wundef warnings for HAVE_RB_EXT_RACTOR_SAFE 2021-05-04 14:56:55 +02:00
continuation dependency updates 2021-04-13 14:30:21 +09:00
coverage dependency updates 2021-04-13 14:30:21 +09:00
date [ruby/date] Bump version to 3.1.1 2021-04-20 20:46:03 +09:00
dbm [ruby/dbm] gemspec: add README & LICENSE 2021-04-20 21:19:41 +09:00
digest Removed unused macro HAVE_CONFIG_H 2021-04-28 18:48:08 +09:00
etc dependency updates 2021-04-13 14:30:21 +09:00
fcntl dependency updates 2021-04-13 14:30:21 +09:00
fiddle dependency updates 2021-04-13 14:30:21 +09:00
gdbm [ruby/gdbm] Add dependency to gdbm package on mingw 2021-04-27 20:54:07 +09:00
io [ruby/io-console] Move FFI console under lib 2021-04-22 11:53:13 +09:00
json dependency updates 2021-04-13 14:30:21 +09:00
monitor Fix -Wundef warnings for HAVE_RB_EXT_RACTOR_SAFE 2021-05-04 14:56:55 +02:00
nkf Fix -Wundef warnings in core extensions 2021-05-04 14:56:55 +02:00
objspace ext/objspace/lib/objspace/trace.rb: Remove the original Kernel#p 2021-05-14 15:39:57 +09:00
openssl Fix -Wundef warnings in core extensions 2021-05-04 14:56:55 +02:00
pathname [ruby/pathname] gemspec: Explicitly list 0 executables 2021-04-27 20:52:48 +09:00
psych [ruby/psych] Introduce Psych.unsafe_load 2021-05-17 11:20:45 +09:00
pty dependency updates 2021-04-13 14:30:21 +09:00
racc/cparse Fix -Wundef warnings for HAVE_RB_EXT_RACTOR_SAFE 2021-05-04 14:56:55 +02:00
rbconfig/sizeof dependency updates 2021-04-13 14:30:21 +09:00
readline dependency updates 2021-04-13 14:30:21 +09:00
ripper dependency updates 2021-04-13 14:30:21 +09:00
rubyvm Added depend files 2019-07-14 01:31:29 +09:00
socket dependency updates 2021-04-13 14:30:21 +09:00
stringio dependency updates 2021-04-13 14:30:21 +09:00
strscan [ruby/strscan] Replace "iff" with "if and only if" (#18) 2021-05-06 16:21:14 +09:00
syslog dependency updates 2021-04-13 14:30:21 +09:00
win32 Fix some typos by spell checker 2021-04-26 10:07:41 +09:00
win32ole Fix some typos by spell checker 2021-04-26 10:07:41 +09:00
zlib Fix -Wundef warnings for HAVE_RB_EXT_RACTOR_SAFE 2021-05-04 14:56:55 +02:00
.document Remove unnecessary files from .document 2020-12-20 16:00:13 +09:00
extmk.rb transcode-tblgen.rb: make silent a little when just -v 2020-12-29 17:45:19 +09:00
Setup Removed sdbm entries from toolchanins 2020-06-19 08:26:47 +09:00
Setup.atheos Removed sdbm entries from toolchanins 2020-06-19 08:26:47 +09:00
Setup.nt Removed sdbm entries from toolchanins 2020-06-19 08:26:47 +09:00