author | Aaron Patterson <tenderlove@ruby-lang.org> | 2021-05-10 09:50:06 -0700 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-05-17 11:20:45 +0900 |
commit | fbb4e3f96c10de2240f2d87eac19cf6f62f65fea | |
tree | d5225584384363a5d3a08112a360bf556bafc326 /enc | |
parent | c7c2ad5749f7f0767ef38be160f4b391228396c1 | |

[ruby/psych] Use Psych.safe_load by default

Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.

This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.

https://github.com/ruby/psych/commit/176494297f

Diffstat (limited to 'enc')
0 files changed, 0 insertions, 0 deletions
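
The difference the commit message describes, as an added example that is not part of the commit or of Psych's own code: `Psych.safe_load` refuses a document that asks for an application object, while the unrestricted loader builds it. `SessionToken`, the sample documents and the helper names are constructed for illustration.

```ruby
require "psych"

# Hypothetical application class, constructed for this example.
class SessionToken
  attr_reader :user, :admin
end

# Constructed input: a tagged mapping that asks the parser to build a SessionToken.
TAGGED_YAML = <<~YAML
  --- !ruby/object:SessionToken
  user: guest
  admin: true
YAML

# Constructed input: plain scalars and a mapping, no Ruby-specific tags.
PLAIN_YAML = "user: guest\nadmin: false\n"

# Older Psych releases have no unsafe_load; there Psych.load is the unrestricted loader.
UNSAFE_LOADER = Psych.respond_to?(:unsafe_load) ? :unsafe_load : :load

# Untrusted input: only basic types are built; anything else raises.
# The exception is returned here so the caller can inspect the rejection.
def load_untrusted(yaml)
  Psych.safe_load(yaml)
rescue Psych::DisallowedClass => e
  e
end

# Trusted input only: every tagged class in the document is instantiated.
def load_trusted(yaml)
  Psych.public_send(UNSAFE_LOADER, yaml)
end

# Middle ground: safe_load with an explicit allowlist of classes.
def load_with_allowlist(yaml)
  Psych.safe_load(yaml, permitted_classes: [SessionToken])
end

if __FILE__ == $PROGRAM_NAME
  p load_untrusted(PLAIN_YAML)
  p load_untrusted(TAGGED_YAML)
  p load_trusted(TAGGED_YAML)
  p load_with_allowlist(TAGGED_YAML)
end
```

With the allowlist form, each permitted class becomes something the document author can construct, so the list should contain only classes whose instance variables are harmless when attacker-controlled.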