jason v1.2.2 Release Notes

Release Date: 2020-09-08 // 10 days ago
  • 1.2.2 (08.09.2020)

    ✨ Enhancements

    • 👌 Support Decimal 2.

Previous changes from v1.2.1

  • 🔒 Security

    • 🛠 Fix html_safe escaping in Jason.encode

    The <!-- sequence of characters would not be escaped in Jason.encode withhtml_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of <script> tags).

    If you were not using the html_safe option, you are not affected.

    Affected versions: < 1.2.1 Patched versions: >= 1.2.1