Set :create_additions to false when parsing json #67

Closed
wants to merge 2 commits into
from

Conversation

Projects
None yet
4 participants
Contributor

statianzo commented Feb 11, 2013

This is in response to CVE-2013-0269. See
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
for details.

Another option is using multi_json which takes care of the problem (and allows for usage of any json gem).

Member

rkh commented Feb 12, 2013

This pull request cannot be automatically merged.

Contributor

statianzo commented Feb 12, 2013

My bad. Fixed the conflict.

mpalmer added the mpalmer-ok label Oct 31, 2014

mpalmer removed the mpalmer-ok label Jun 22, 2015

mpalmer added this to the 1.3 milestone Jun 22, 2015

mpalmer self-assigned this Jun 22, 2015

Contributor

mpalmer commented Jun 22, 2015

LGTM.

Contributor

jjb commented Jun 23, 2015

👍

mpalmer closed this Jul 1, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment