merge revision(s) 19320,19322:

* lib/rexml/document.rb: limit entity expansion. Thanks, Luka Treiber, Mitja Kolsek, and Michael Koziarski. backported from trunk r19033, r19317, r19318. * lib/rexml/entity.rb: ditto. * test/rexml/test_document.rb: ditto. * NEWS: added an entry for REXML. * lib/rexml/document.rb: fixed typo. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@21744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-01-23 02:50:43 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-01-23 02:50:43 +0000
commit: d3bec17ee78488e3a66fa895982ee9b834798e23 (patch)
tree: 38de7039da1df7e286c065437ce485e09c89b32c /NEWS
parent: 8837f5948551444299fe5a13d06fa210dce01c65 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 61373187e5..965ce6de5a 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,15 @@ Note that each entry is kept so brief that no reason behind or
 reference information is supplied with.  For a full list of changes
 with all sufficient information, see the ChangeLog file.
 
+* REXML
+
+  * REXML::Document.entity_expansion_limit=
+
+    New method to set the entity expansion limit. By default the limit is
+    set to 10000.  See the following URL for details.
+
+    http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
+
 == Changes since the 1.8.6 release
 
 === Configuration changes
author	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-01-23 02:50:43 +0000
committer	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-01-23 02:50:43 +0000
commit	d3bec17ee78488e3a66fa895982ee9b834798e23 (patch)
tree	38de7039da1df7e286c065437ce485e09c89b32c /NEWS
parent	8837f5948551444299fe5a13d06fa210dce01c65 (diff)