diff options
author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-01-23 02:50:43 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-01-23 02:50:43 +0000 |
commit | d3bec17ee78488e3a66fa895982ee9b834798e23 (patch) | |
tree | 38de7039da1df7e286c065437ce485e09c89b32c /NEWS | |
parent | 8837f5948551444299fe5a13d06fa210dce01c65 (diff) |
merge revision(s) 19320,19322:
* lib/rexml/document.rb: limit entity expansion. Thanks, Luka
Treiber, Mitja Kolsek, and Michael Koziarski. backported from
trunk r19033, r19317, r19318.
* lib/rexml/entity.rb: ditto.
* test/rexml/test_document.rb: ditto.
* NEWS: added an entry for REXML.
* lib/rexml/document.rb: fixed typo.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@21744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -7,6 +7,15 @@ Note that each entry is kept so brief that no reason behind or reference information is supplied with. For a full list of changes with all sufficient information, see the ChangeLog file. +* REXML + + * REXML::Document.entity_expansion_limit= + + New method to set the entity expansion limit. By default the limit is + set to 10000. See the following URL for details. + + http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ + == Changes since the 1.8.6 release === Configuration changes |