v2.15.0 / 2020 Jul 24

[com.taoensso/nippy "2.15.0"]

This is a major feature release. It may be BREAKING!

BREAKING CHANGES since v2.14.0:

• [#130] [Security] Add *serialization-whitelist*, ENABLED BY DEFAULT to address Remote Code Execution vulnerability.

See #130 for details, incl. upgrade instructions.

Big thanks to Timo Mihaljov (@solita-timo-mihaljov) for an excellent report identifying this vulnerability!

New since v2.14.0:

• [#127] Add utils: freeze-to-string, thaw-from-string (@piotr-yuxuan)
• [#113 #114] Add support for object arrays (@isaksky)
• [#83 #112] Add support for deftype (@isaksky)
• [#83 #113] Add support for URIs (@isaksky)

Changes since v2.14.0:

• [#101] Switch default encryptor from AES-CBC to AES-GCM (faster, includes integrity check)
• Refactor encryption utils for extra flexibility in future
• Latest dependencies

Fixes since v2.14.0:

• [#120] Update freezable? to cover nil