… | |
… | |
5 | TODO: weaken cyclic structures? |
5 | TODO: weaken cyclic structures? |
6 | TODO: allowed_classes or so? |
6 | TODO: allowed_classes or so? |
7 | TODO: large negative integers |
7 | TODO: large negative integers |
8 | TODO: russian guy test case exception |
8 | TODO: russian guy test case exception |
9 | 1.6 |
9 | 1.6 |
10 | - point out security implications of having unsafe THAW |
10 | - greatly expand the SECURITY IMPLICATIONS and similar sections. |
11 | function/methods in your process. |
|
|
12 | - new constructor new_safe, to create a secure CBOR::XS object. |
11 | - new constructor new_safe, to create a secure CBOR::XS object. |
13 | - new option forbid_objects, to disallow serialisation. |
12 | - new option forbid_objects, to disallow serialisation. |
14 | - new CBOR::XS::safe_filter functionality. |
13 | - new CBOR::XS::safe_filter functionality. |
15 | - fix a crash when decoding a cyclic data structure using |
14 | - fix a crash when decoding a cyclic data structure using |
16 | stringref/pack_strings when allow_cycles is disabled. |
15 | stringref/pack_strings when allow_cycles is disabled. |
17 | - fix a crash when decoding hash keys with length >= 2**31. |
16 | - fix a crash when decoding hash keys with length >= 2**31. |
18 | - avoid unreasonably long decoding times for certain |
17 | - avoid unreasonably long decoding times for certain |
19 | types of data corruption. |
18 | types of (corrupt) cbor texts. |
20 | - support arrays and hashes with >= 2**31 members. |
19 | - support arrays and hashes with >= 2**31 members. |
21 | - avoid overflow on pointer arithmetic when checking whether enough |
20 | - avoid overflow on pointer arithmetic when checking whether enough |
22 | data is available. |
21 | data is available. |
23 | - fix a memory leak that occured when decoding failed while decoding |
22 | - fix a memory leak that occured when decoding failed while decoding |
24 | a tagged value. |
23 | a tagged value. |
25 | - do not leak the partially constructed result when stringifying |
24 | - do not leak the partially constructed result when stringifying |
26 | a hash key throws an exception. |
25 | a hash key throws an exception. |
27 | - various code size and efficiency optimizations (reduced code |
26 | - various code size and efficiency optimizations (reduced code |
28 | from 42 to 40kB on my system, despite the new code). |
27 | from 42 to 40kB on my system, despite the new features). |
29 | |
28 | |
30 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
29 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
31 | - Math::BigFloat madness workaround, see |
30 | - Math::BigFloat madness workaround, see |
32 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
31 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
33 | (bugreport by zdm@softvisio.net). |
32 | (bugreport by zdm@softvisio.net). |