[ANN] Security Fix json-1.1.7 for json_pure and json gems
Security Fix Release json-1.1.7 for json_pure and json gems.

The JSON::Pure::Parser contains a vulnerability that may lead to
catastrophic backtracking in one of its regular expressions. This
vulnerability doesn't affect the JSON::Ext::Parser or Rails'
ActiveSupport::JSON. Ruby 1.9.1 (but not Ruby 1.9 trunk) contains
the vulnerable json/pure code as well, so if you want to use the pure
parser you should update to a newer version or use the json gem 1.1.7.

An attacker can cause a denial of service attack by passing a
specially designed string into the JSON::Pure::Parser#parse method.

- versions 1.1.0-1.1.6 of the JSON::Pure::Parser

Thanks to Bartosz Blimke for reporting this bug.

* Security Fix for JSON::Pure::Parser. A specially designed string
  could cause catastrophic backtracking in one of the parser's
  regular expressions in earlier 1.1.x versions. JSON::Ext::Parser
  isn't affected by this issue. Thanks to Bartosz Blimke
  <email@example.com> for reporting this problem.
* This release also uses a less strict ruby version requirement for
  the creation of the mswin32 native gem.

Version 1.1.7 of json and json_pure on
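
An added example, not part of the original announcement or the json project's code: a Ruby check that applies the affected range stated above (1.1.0-1.1.6, fixed in 1.1.7) to a running interpreter and to Gemfile.lock-style spec lines. The helper names are hypothetical and the lockfile text is constructed sample data.

```ruby
require "rubygems"

# Range from the announcement: 1.1.0 through 1.1.6 affected, 1.1.7 fixed.
FIRST_AFFECTED = Gem::Version.new("1.1.0")
FIXED_IN       = Gem::Version.new("1.1.7")
PURE_PARSER    = "JSON::Pure::Parser"

# True when a json/json_pure version string is in the affected range.
# A platform suffix such as "-x86-mswin32" is dropped before comparing,
# because Gem::Version would otherwise read it as a prerelease tag.
def affected_version?(version)
  core = version[/\A\d+(?:\.\d+)*/] or return false
  v = Gem::Version.new(core)
  v >= FIRST_AFFECTED && v < FIXED_IN
end

# Classify one runtime. Only the pure parser is affected, so an affected
# release running JSON::Ext::Parser is reported separately (our labelling).
def exposure(version, parser_name)
  return :not_affected unless affected_version?(version)
  parser_name == PURE_PARSER ? :vulnerable : :affected_code_present
end

# Find resolved "name (version)" spec lines for json and json_pure.
# Constraint lines such as "json (>= 1.1.0)" contain a space and are skipped.
def audit_lockfile(text)
  text.scan(/^ +(json|json_pure) \(([^)\s]+)\)$/).map do |name, version|
    [name, version, affected_version?(version)]
  end
end

# Constructed sample, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      json (1.1.6-x86-mswin32)
      json_pure (1.1.7)
      sample_app (0.1)
        json (>= 1.1.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  require "json"
  parser = JSON.respond_to?(:parser) ? JSON.parser.name : "unknown"
  puts "runtime json #{JSON::VERSION} (#{parser}): #{exposure(JSON::VERSION, parser)}"
  audit_lockfile(SAMPLE_LOCK).each do |name, version, bad|
    puts "#{name} #{version}: #{bad ? 'upgrade to 1.1.7' : 'ok'}"
  end
end
```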