| Age | Commit message (Collapse) | Author | Files | Lines |
|
Update ruby-safe_yaml to 1.0.5.
pkgsrc change: add "USE_LANGUAGES= # none".
1.0.5
-----
- fixed [#80](https://github.com/dtao/safe_yaml/issues/80): uninitialized constant DateTime
|
|
Bump PKGREVISION.
|
|
1.0.2
-----
- added warning when using Psych + an older version of libyaml
|
|
0.9.7
* made handling of document frontmatter more robust
* added more descriptive message to the warning for omitting the :safe option
0.9.6
* fixed handling of files with trailing content (after closing ---)
For more detail, please refer <https://github.com/dtao/safe_yaml/commits/master>.
|
|
The SafeYAML gem provides an alternative implementation of `YAML.load`
suitable for accepting user input in Ruby applications. Unlike Ruby's
built-in implementation of `YAML.load`, SafeYAML's version will not expose
apps to arbitrary code execution exploits (such as [the ones
discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)
[in Rails in early
2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
If you encounter any issues with SafeYAML, check out the 'Common Issues'
section below. If you don't see anything that addresses the problem you're
experiencing, by all means, [create an
issue](https://github.com/dtao/safe_yaml/issues/new)!
|