Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Change default for parseHuge to false to avoid OOM on xml expansion #11094
@@ Coverage Diff @@ ## master #11094 +/- ## ============================================ + Coverage 94.87% 94.92% +0.05% - Complexity 12838 13059 +221 ============================================ Files 437 437 Lines 32732 33060 +328 ============================================ + Hits 31053 31381 +328 Misses 1679 1679
Aug 25, 2017
6 checks passed
Correct, in most cases people won't notice the changed default. The docblock already stated that you had to enable parseHuge, but the code defaulted to true. This default behavior is an insecure one, so it is now changed to false. 2017-08-28 3:42 GMT+02:00 inoas <email@example.com>:…
Doesn't look BC to me, is it? — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#11094 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAGzWO00FzD21E7pKZ3DnBEG7bXAIt6jks5schrsgaJpZM4PCEZf> .
I doubt if many users will trip. First off, Most users don't use Xml, those that do use it would only need parseHuge in edge cases. The docs already stated to set parseHuge option to true, even though the code itself didnt need it, because of the default. So most likely for those edge cases people are passing the parseHuge option as true already.