Multi_json and used backend

In the light of CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix), which backend are you using? If it is the json gem, shouldn't the Gemfile maybe force 2.3.0 instead of the Ruby stdlib copy?

1 Like

We mostly use Oj, but I guess there are some cases where json is still used directly.

I updated the dependency here:

1 Like

In the meantime, there are Ruby releases for all branches from 2.4 up that have the security fix included in the in-tree json copy.