2 files changed +17 -1 lines changed
11# Changelog
22
3+ ## 1.2.1 (04.05.2020)
4+
5+ ### Security
6+
7+ * Fix ` html_safe ` escaping in ` Jason.encode `
8+
9+ The ` <!-- ` sequence of characters would not be escaped in ` Jason.encode `
10+ with` html_escape ` mode, which could lead to DoS attacks when used for
11+ embedding of arbitrary, user controlled strings into HTML through JSON
12+ (e.g. inside of ` <script> ` tags).
13+
14+ If you were not using the ` html_safe ` option, you are not affected.
15+
16+ Affected versions: < 1.2.1
17+ Patched versions: >= 1.2.1
18+
319## 1.2.0 (17.03.2020)
420
521### Enhancements
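Review bot: The option name is inconsistent within the new 1.2.1 entry: added line 10 says `html_escape` mode, while added lines 7 and 14 both say `html_safe`. Readers deciding whether they are affected need one exact name, so line 10 should read `html_safe` as well (it is also missing a space after "with"). The impact statement on lines 10 to 12 says "DoS attacks" without saying how an unescaped `<!--` inside a `<script>` tag produces one; a short clause explaining the mechanism would help users judge their exposure.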
11defmodule Jason.Mixfile do
22 use Mix.Project
33
4- @ version "1.2.0 "
4+ @ version "1.2.1 "
55
66 def project ( ) do
77 [
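Review bot: The `@version` bump to 1.2.1 is the only non-documentation change in this commit, so neither of the two changed files carries the escaping fix or a regression test for the `<!--` sequence. Since the changelog marks this release as a security fix, the entry or the commit message should reference the commit that contains the fix, so that anyone auditing the 1.2.1 release can find it and its tests.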