| 1 | Revision history for Perl extension CBOR::XS |
1 | Revision history for Perl extension CBOR::XS |
| 2 | |
2 | |
| 3 | TODO: pack_keys? |
3 | TODO: pack_keys? |
| 4 | TODO: document encode_cbor_sharing? |
4 | TODO: document encode_cbor_sharing? |
| 5 | TODO: weaken cyclic structures? |
5 | TODO: weaken cyclic structures? |
| 6 | TODO: allowed_classes or so? |
6 | TODO: large negative integers |
|
|
7 | TODO: type cast tests. |
| 7 | |
8 | |
| 8 | TODO: Fredrik Ljunggren, document utf8_strings |
9 | 1.72 |
| 9 | - the Math::BigFloat maintainer apparently thinks that changing |
10 | - experimental support for some type casts, as well as embedding |
| 10 | documented maths function to suddenly yield different results or |
11 | raw cbor data. |
| 11 | to fail completely on valid input is cool. Try to work around |
12 | |
| 12 | this madness - if Math::BigFloat changes its API too much, |
13 | 1.71 Thu Nov 15 20:52:13 CET 2018 |
| 13 | future versions will have to remove support for bignums |
14 | - work around what smells like a perl bug w.r.t. exceptions |
|
|
15 | thrown in callbacks. |
|
|
16 | - update libecb. |
|
|
17 | |
|
|
18 | 1.7 Tue Jun 27 04:02:23 CEST 2017 |
|
|
19 | - SECURITY FIX: fix two bugs found by american fuzzy lop, |
|
|
20 | upgrade is advised if you accept data from untrusted |
|
|
21 | sources. |
|
|
22 | - an out-of bound sharedref or stringref index could cause an |
|
|
23 | out of bounds access - might be exploitable. |
|
|
24 | - a decoding error during indefinite array or hash decoding |
|
|
25 | could cause an endless loop. |
|
|
26 | |
|
|
27 | 1.6 Wed Dec 7 15:13:23 CET 2016 |
|
|
28 | - greatly expand the SECURITY IMPLICATIONS and similar sections. |
|
|
29 | - new constructor new_safe, to create a secure CBOR::XS object. |
|
|
30 | - new option forbid_objects, to disallow serialisation. |
|
|
31 | - new CBOR::XS::safe_filter functionality. |
|
|
32 | - fix a crash when decoding a cyclic data structure using |
|
|
33 | stringref/pack_strings when allow_cycles is disabled. |
|
|
34 | - fix a crash when decoding hash keys with length >= 2**31. |
|
|
35 | - avoid unreasonably long decoding times for certain |
|
|
36 | types of (corrupt) cbor texts. |
|
|
37 | - support arrays and hashes with >= 2**31 members. |
|
|
38 | - avoid overflow on pointer arithmetic when checking whether enough |
|
|
39 | data is available. |
|
|
40 | - fix a memory leak that occured when decoding failed while decoding |
|
|
41 | a tagged value. |
|
|
42 | - do not leak the partially constructed result when stringifying |
|
|
43 | a hash key throws an exception. |
|
|
44 | - various code size and efficiency optimizations (reduced code |
|
|
45 | from 42 to 40kB on my system, despite the new features). |
|
|
46 | |
|
|
47 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
|
|
48 | - Math::BigFloat madness workaround, see |
|
|
49 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
| 14 | (bugreport by zdm@softvisio.net). |
50 | (bugreport by zdm@softvisio.net). |
|
|
51 | - add text_keys and text_strings options to force CBOR text encoding |
|
|
52 | for perl hash keys or all strings, as a result of discussions |
|
|
53 | with Fredrik Ljunggren. |
|
|
54 | - implement support for arbitrary-exponent numbers (see |
|
|
55 | http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) |
|
|
56 | for both en- and decoding. |
|
|
57 | - implement support for rational numbers (see |
|
|
58 | http://peteroupc.github.io/CBOR/rational.html, tag 30) for both |
|
|
59 | en- and decoding. |
|
|
60 | - the above effectively implements all registered CBOR extensions |
|
|
61 | in a sensible manner. |
| 15 | - remove some weird dead code that was duplication (%FILTER). |
62 | - remove some weird dead code that was duplicated (%FILTER). |
|
|
63 | - add t/58_hv.t, which tests hashes and the new text_* flags. |
|
|
64 | hashes apparently were not encoded at all in any of the existing |
|
|
65 | tests. |
|
|
66 | - document Math::BigFloat base-2 performance/crash issues. |
|
|
67 | - use stability canary. |
| 16 | |
68 | |
| 17 | 1.41 Thu 25 Feb 15:22:03 CET 2016 |
69 | 1.41 Thu 25 Feb 15:22:03 CET 2016 |
| 18 | - avoid perl panics on nested FREEZE/THAW calls (testcase by |
70 | - avoid perl panics on nested FREEZE/THAW calls (testcase by |
| 19 | Victor Efimov). |
71 | Victor Efimov). |
| 20 | |
72 | |
