Multi_json and used backend

darix · 20. März 2020 um 17:32

In the light of CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix), which backend are you using? If it is the json gem, shouldnt the gemfile maybe force 2.3.0 instead of the ruby stdlib copy?

sam · 24. März 2020 um 04:23

We mostly use Oj, but I guess there are some cases where json is still used directly.

I updated the dependency here:

darix · 10. April 2020 um 11:19

In the mean time there are ruby releases for all branches from 2.4 up that have the security fix included in the intree json copy.

Thema		Antworten	Aufrufe
Json Import Fails with undefined method `token=' Bug	2	555	3. Februar 2022
Migration failure PG::UndefinedObject: ERROR: type "json" does not exist Installation	6	2709	13. Mai 2015
Upgrade to 3.0.2: NameError: undefined method `call' for class `Redis::Client' (with a "fix") Installation unsupported-install	11	2327	23. Juni 2023
Discourse update keeps failing Installation	73	2874	18. September 2022
Webpush gem is not latest Dev	6	658	9. Mai 2018