Diffstat (limited to 'textproc/ruby-safe_yaml/DESCR')
-rw-r--r-- textproc/ruby-safe_yaml/DESCR | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/textproc/ruby-safe_yaml/DESCR b/textproc/ruby-safe_yaml/DESCR
new file mode 100644
index 00000000000..6025282a8c1
--- /dev/null
+++ b/textproc/ruby-safe_yaml/DESCR
@@ -0,0 +1,12 @@
+The SafeYAML gem provides an alternative implementation of `YAML.load`
+suitable for accepting user input in Ruby applications. Unlike Ruby's
+built-in implementation of `YAML.load`, SafeYAML's version will not expose
+apps to arbitrary code execution exploits (such as [the ones
+discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)
+[in Rails in early
+2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
+
+If you encounter any issues with SafeYAML, check out the 'Common Issues'
+section below. If you don't see anything that addresses the problem you're
+experiencing, by all means, [create an
+issue](https://github.com/dtao/safe_yaml/issues/new)!
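Review bot: The second paragraph (new-file lines 9-12) tells the reader to check the 'Common Issues' section "below", but the hunk header `@@ -0,0 +1,12 @@` shows the file ends right after the issue link, so that reference points at nothing; drop the paragraph or replace it with a plain pointer to the upstream project page. The first paragraph also keeps Markdown backticks and `[text](url)` links split across lines, which read as upstream README text pasted verbatim; if DESCR is rendered as plain text, rewrite these as prose with bare URLs or omit the links. The statement that SafeYAML "will not expose apps to arbitrary code execution exploits" is an unqualified upstream claim; for a package description, wording it as what the gem does (an alternative `YAML.load` intended for untrusted input) is easier to stand behind.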