Multi_json and used backend

darix · March 20, 2020, 5:32pm

In the light of CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix), which backend are you using? If it is the json gem, shouldnt the gemfile maybe force 2.3.0 instead of the ruby stdlib copy?

sam · March 24, 2020, 4:23am

We mostly use Oj, but I guess there are some cases where json is still used directly.

I updated the dependency here:

darix · April 10, 2020, 11:19am

In the mean time there are ruby releases for all branches from 2.4 up that have the security fix included in the intree json copy.

Topic		Replies	Views
Discourse_api sync_sso custom_fields results in "custom.custom.<field>" in payload Bug	3	689	August 5, 2020
Mark notifications as read from Discourse API Dev	5	1380	February 27, 2020
System File Override Dev	1	897	March 25, 2019
How do I move the discourse installed server to another server without loss? Installation	4	897	May 31, 2023
How to change the length of existing excerpts? Support	1	139	February 19, 2022