Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(YamlParser): add SafeConstructor to enforce security #1469

Merged
merged 1 commit into from
Mar 1, 2024

Conversation

xael-fry
Copy link
Member

@xael-fry xael-fry commented Feb 28, 2024

Pull Request Checklist

Helpful things

Fixes

A malicious web application's file crafted from a client could cause a remote code execution attack on a Linux or Windows server running PlayFramework.

Purpose

Regarding new Yaml(), use a correct way to avoid deserialization vulnerabilities

@xael-fry xael-fry self-assigned this Feb 28, 2024
@xael-fry xael-fry force-pushed the feat_safe_yaml_parser branch from 224ea57 to 998a13f Compare February 28, 2024 11:42
@xael-fry xael-fry added this to the 1.8.0 milestone Feb 29, 2024
@xael-fry xael-fry merged commit fad919e into playframework:master Mar 1, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant