diff options
author | Aaron Patterson <tenderlove@ruby-lang.org> | 2021-05-10 09:50:06 -0700 |
---|---|---|
committer | Aaron Patterson <tenderlove@ruby-lang.org> | 2021-05-13 10:52:52 -0700 |
commit | 176494297f3f124467a6e3f1c9e6400ee742d663 (patch) | |
tree | ff4c8d6aeacffe85ce5934684432de4ecff2f5ab /.gitignore | |
parent | 4de7e9c879ae042d0c25d6ade6274d593c4cc5bb (diff) | |
download | psych-176494297f3f124467a6e3f1c9e6400ee742d663.zip |
Use Psych.safe_load by default
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions