Age | Commit message (Collapse) | Author | Files | Lines |
|
Problems found locating distfiles:
Package cabocha: missing distfile cabocha-0.68.tar.bz2
Package convertlit: missing distfile clit18src.zip
Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
1.0.2
-----
- added warning when using Psych + an older version of libyaml
|
|
0.9.7
* made handling of document frontmatter more robust
* added more descriptive message to the warning for omitting the :safe option
0.9.6
* fixed handling of files with trailing content (after closing ---)
For more detail, please refer <https://github.com/dtao/safe_yaml/commits/master>.
|
|
The SafeYAML gem provides an alternative implementation of `YAML.load`
suitable for accepting user input in Ruby applications. Unlike Ruby's
built-in implementation of `YAML.load`, SafeYAML's version will not expose
apps to arbitrary code execution exploits (such as [the ones
discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)
[in Rails in early
2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
If you encounter any issues with SafeYAML, check out the 'Common Issues'
section below. If you don't see anything that addresses the problem you're
experiencing, by all means, [create an
issue](https://github.com/dtao/safe_yaml/issues/new)!
|