jason v1.2.1 Release Notes

Release Date: 2020-05-04
  • 🔒 Security

    • 🛠 Fix html_safe escaping in Jason.encode

    The <!-- sequence of characters would not be escaped in Jason.encode with html_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user-controlled strings into HTML through JSON (e.g. inside of <script> tags).

    If you were not using the html_safe option, you are not affected.

    Affected versions: < 1.2.1
    Patched versions: >= 1.2.1
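
The class of gap described above, as an added example that is not Jason's code and not part of the original release notes: the HTML specification advises escaping `<!--`, `<script` and `</script` in script content, so an encoder that handles only the closing tag still lets `<!--` through. The function names are hypothetical, the sample value is constructed, and the `\uXXXX` escaping shown is a generic mitigation, not necessarily what Jason does internally.

```javascript
// Sequences the HTML spec says must not appear raw inside a <script> body.
const SCRIPT_BREAKERS = /<!--|<\/?script/gi;

// Return every risky sequence found in text destined for a <script> element.
function findScriptBreakers(text) {
  return (text.match(SCRIPT_BREAKERS) || []).map((s) => s.toLowerCase());
}

// Hypothetical incomplete encoder: escapes only "</" (as "<\/"),
// so "<!--" still reaches the page unescaped.
function encodeEscapingOnlyCloseTag(value) {
  return JSON.stringify(value).replace(/<\//g, "<\\/");
}

// Generic hardened encoder: emit "<", ">", "&", U+2028 and U+2029 as \uXXXX.
// These are legal JSON string escapes, so the parsed value is unchanged,
// but no HTML-significant character survives in the serialized text.
function encodeForScript(value) {
  return JSON.stringify(value).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Constructed sample: a user-controlled string carrying both sequences.
const sample = { note: "a <!-- b </script>" };

console.log("plain JSON      :", findScriptBreakers(JSON.stringify(sample)));
console.log("only </ escaped :", findScriptBreakers(encodeEscapingOnlyCloseTag(sample)));
console.log("hardened        :", findScriptBreakers(encodeForScript(sample)));
console.log("hardened output :", encodeForScript(sample));
```

Running `findScriptBreakers` over rendered templates or encoder output in a test suite is a cheap regression check for this kind of escaping gap.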