mythic-insight/legendary-doc-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
legendary-doc-site/apps/core/deps/jason/CHANGELOG.md
Robert Prehn 6cb1f186e9 chore: Convert to umbrella app
2020-07-03 21:41:01 -05:00

2.4 KiB
Raw Blame History

Changelog

1.2.1 (04.05.2020)

Security

  • Fix html_safe escaping in Jason.encode

The <!-- sequence of characters would not be escaped in Jason.encode withhtml_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of <script> tags).

If you were not using the html_safe option, you are not affected.

Affected versions: < 1.2.1 Patched versions: >= 1.2.1

1.2.0 (17.03.2020)

Enhancements

  • Add Jason.Encode.keyword/2 (cb1f26a).

Bug fixes

  • Fix Jason.Helpers.json_map/1 value expansion (70b046a).

1.1.2 (19.10.2018)

Bug fixes

  • correctly handle the pretty: false option (ba318c8).

1.1.1 (10.07.2018)

Bug fixes

  • correctly handle escape sequences in strings when pretty printing (794bbe4).

1.1.0 (02.07.2018)

Enhancements

  • pretty-printing support through Jason.Formatter and pretty: true option in Jason.encode/2 (d758e36).

Bug fixes

  • silence variable warnings for fields with underscores used during deriving (88dd85c).
  • potential incompatibility don't raise Protocol.UndefinedError in non-bang functions (ad0f57b).

1.0.1 (02.07.2018)

Bug fixes

  • fix Jason.Encode.escape type (a57b430)
  • multiple documentation improvements

1.0.0 (26.01.2018)

No changes

1.0.0-rc.3 (26.01.2018)

Changes

  • update escape option of Jason.encode/2 to take values: :json | :unicode_safe | :html_safe | :javascript_safe for consistency. Old values of :unicode and :javascript are still supported for compatibility with Poison. (f42dcbd)

1.0.0-rc.2 (07.01.2018)

Bug fixes

  • add type for strings option (b459ee4)
  • support iodata in decode! (a1f3456)

1.0.0-rc.1 (22.12.2017)

Initial release