Diffstat (limited to 'textproc/ruby-safe_yaml/DESCR')
-rw-r--r-- | textproc/ruby-safe_yaml/DESCR | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/textproc/ruby-safe_yaml/DESCR b/textproc/ruby-safe_yaml/DESCR new file mode 100644 index 00000000000..6025282a8c1 --- /dev/null +++ b/textproc/ruby-safe_yaml/DESCR @@ -0,0 +1,12 @@ +The SafeYAML gem provides an alternative implementation of `YAML.load` +suitable for accepting user input in Ruby applications. Unlike Ruby's +built-in implementation of `YAML.load`, SafeYAML's version will not expose +apps to arbitrary code execution exploits (such as [the ones +discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) +[in Rails in early +2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)). + +If you encounter any issues with SafeYAML, check out the 'Common Issues' +section below. If you don't see anything that addresses the problem you're +experiencing, by all means, [create an +issue](https://github.com/dtao/safe_yaml/issues/new)! |
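Review bot: The second paragraph of the new DESCR (the last four added lines) sends readers to a 'Common Issues' section below, but the hunk is the whole 12-line file and no such section follows, so the reference dangles; it reads as text carried over from the upstream README. Suggest dropping that paragraph, or reducing it to a plain pointer to https://github.com/dtao/safe_yaml/issues. The first paragraph also keeps Markdown link markup, "[the ones discovered](http://www.reddit.com/...)" and "[in Rails in early 2013](http://www.h-online.com/...)", plus backticks around YAML.load; in a plain-text package description these appear as literal brackets and long URLs, so consider rewriting the sentence as plain prose and listing the URLs separately or leaving them out.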