* NEWS: Add note about removal of CSV::load and CSV::dump from r39077

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-02-06 03:49:59 +0000
committer: zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-02-06 03:49:59 +0000
commit: a77af99a66dc05fc7f3baacb27e4d997cc1cd036 (patch)
tree: d0f2f1c1d2adc9c140dfca6339f56c1639b74c79
parent: 4ce8ede2032b40e7b6479be2ab9cd30cab085429 (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 68f42bd1b8..3ca4e25a48 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Feb  6 12:49:00 2013  Zachary Scott  <zachary@zacharyscott.net>
+
+	* NEWS: Add note about removal of CSV::load and CSV::dump from r39077
+
 Wed Feb  6 05:57:00 2013  Zachary Scott  <zachary@zacharyscott.net>
 
 	* lib/racc/parser.rb: Hide copyright notice from Racc doc
diff --git a/NEWS b/NEWS
index 25c578f4a9..45097b4611 100644
--- a/NEWS
+++ b/NEWS
@@ -210,6 +210,10 @@ with all sufficient information, see the ChangeLog file.
   * When HTML5 tagmaker called, overwrite CGI#header,
     CGI#header function is to create a <header> element.
 
+* CSV
+  * Removed CSV::dump and CSV::load to protect users from dangerous
+    serialization vulnerability
+
 * iconv
   * Iconv has been removed. Use String#encode instead.
author	zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-02-06 03:49:59 +0000
committer	zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-02-06 03:49:59 +0000
commit	a77af99a66dc05fc7f3baacb27e4d997cc1cd036 (patch)
tree	d0f2f1c1d2adc9c140dfca6339f56c1639b74c79
parent	4ce8ede2032b40e7b6479be2ab9cd30cab085429 (diff)