--- CBOR-XS/Changes 2016/04/26 16:25:48 1.66 +++ CBOR-XS/Changes 2016/11/25 23:37:27 1.73 @@ -4,8 +4,27 @@ TODO: document encode_cbor_sharing? TODO: weaken cyclic structures? TODO: allowed_classes or so? +TODO: large negative integers +TODO: russian guy test case exception +TODO: allow_objects +1.6 + - point out security implications of having unsafe THAW + function/methods in your process. + - fix a crash when decoding a cyclic data structure using + stringref/pack_strings when allow_cycles is disabled. + - fix a crash when decoding hash keys with length >= 2**31. + - avoid unreasonably long decoding times for certain + types of data corruption. + - support arrays and hashes with >= 2**31 members. + - avoid overflow on pointer arithmetic when checking whether enough + data is available. + - fix a memory leak that occured when decoding failed while decoding + a tagged value. + - do not leak the partially constructed result when stringifying + a hash key throws an exception. + - various code size and efficiency optimizations. -1.5 +1.5 Wed Apr 27 11:38:39 CEST 2016 - Math::BigFloat madness workaround, see http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html (bugreport by zdm@softvisio.net). @@ -18,13 +37,13 @@ - implement support for rational numbers (see http://peteroupc.github.io/CBOR/rational.html, tag 30) for both en- and decoding. - - this effectively implements all registered CBOR extensions + - the above effectively implements all registered CBOR extensions in a sensible manner. - - remove some weird dead code that was duplication (%FILTER). + - remove some weird dead code that was duplicated (%FILTER). - add t/58_hv.t, which tests hashes and the new text_* flags. - hashes apparently were not encoded at all in any of the previous + hashes apparently were not encoded at all in any of the existing tests. - - document base-2 Math::BigFloat performance/crash issues. + - document Math::BigFloat base-2 performance/crash issues. - use stability canary. 1.41 Thu 25 Feb 15:22:03 CET 2016