Multi_json and used backend

In the light of CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix), which backend are you using? If it is the json gem, shouldn't the Gemfile maybe force 2.3.0 instead of the Ruby stdlib copy?


We mostly use Oj, but I guess there are some cases where json is still used directly.

I updated the dependency here:
