@dcodeIO dcodeIO released this Feb 26, 2018 · 21 commits to master since this release

Assets 2

This is a security patch:

  • Fixes typeRefRe used in the parser (1.X-6.8.5) being vulnerable to ReDoS as reported by James Davis. Relevant where a user is allowed to provide .proto sources for parsing. Applications using trusted .proto definitions, JSON descriptors or static code exclusively are not affected.