Sha256: a128275e7e4141684ff0f2f0d6beeda3538e97ed13cb9822ce9aaf49288b9448

Contents?: true

Size: 932 Bytes

Versions: 38

Compression:

Stored size: 932 Bytes

Contents

= Improvements

* The typecast_params plugin checks now checks for null bytes by
  default before typecasting.  If null bytes are present, it raises
  an error.  Most applications do not require null bytes in
  parameters, and in some cases allowing them can lead to security
  issues, especially when parameters are passed to C extensions.
  In general, the benefit of forbidding null bytes in parameters is
  greater than the cost.
  
  If you would like to continue allowing null bytes, use the
  :allow_null_bytes option when loading the plugin.

  Note that this change does not affect uploaded files, since those
  are expected to contain null bytes.

= Backwards Compatibility

* The change to the typecast_params plugin to raise an error for
  null bytes can break applications that are expecting null bytes
  to be passed in parameters.  Such applications should use the
  :allow_null_bytes option when loading the plugin.

Version data entries

38 entries across 38 versions & 1 rubygems

Version Path
roda-3.83.0 doc/release_notes/3.45.0.txt
roda-3.82.0 doc/release_notes/3.45.0.txt
roda-3.81.0 doc/release_notes/3.45.0.txt
roda-3.79.0 doc/release_notes/3.45.0.txt
roda-3.78.0 doc/release_notes/3.45.0.txt
roda-3.77.0 doc/release_notes/3.45.0.txt
roda-3.76.0 doc/release_notes/3.45.0.txt
roda-3.75.0 doc/release_notes/3.45.0.txt
roda-3.74.0 doc/release_notes/3.45.0.txt
roda-3.73.0 doc/release_notes/3.45.0.txt
roda-3.72.0 doc/release_notes/3.45.0.txt
roda-3.71.0 doc/release_notes/3.45.0.txt
roda-3.70.0 doc/release_notes/3.45.0.txt
roda-3.69.0 doc/release_notes/3.45.0.txt
roda-3.68.0 doc/release_notes/3.45.0.txt
roda-3.67.0 doc/release_notes/3.45.0.txt
roda-3.66.0 doc/release_notes/3.45.0.txt
roda-3.65.0 doc/release_notes/3.45.0.txt
roda-3.64.0 doc/release_notes/3.45.0.txt
roda-3.63.0 doc/release_notes/3.45.0.txt