From a77af99a66dc05fc7f3baacb27e4d997cc1cd036 Mon Sep 17 00:00:00 2001 From: zzak Date: Wed, 6 Feb 2013 03:49:59 +0000 Subject: [PATCH] * NEWS: Add note about removal of CSV::load and CSV::dump from r39077 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 4 ++++ NEWS | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68f42bd1b8..3ca4e25a48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Wed Feb 6 12:49:00 2013 Zachary Scott + + * NEWS: Add note about removal of CSV::load and CSV::dump from r39077 + Wed Feb 6 05:57:00 2013 Zachary Scott * lib/racc/parser.rb: Hide copyright notice from Racc doc diff --git a/NEWS b/NEWS index 25c578f4a9..45097b4611 100644 --- a/NEWS +++ b/NEWS @@ -210,6 +210,10 @@ with all sufficient information, see the ChangeLog file. * When HTML5 tagmaker called, overwrite CGI#header, CGI#header function is to create a
element. +* CSV + * Removed CSV::dump and CSV::load to protect users from dangerous + serialization vulnerability + * iconv * Iconv has been removed. Use String#encode instead.