Releases: ruby/json
Releases · ruby/json
v2.19.7
What's Changed
- Fix some more edge cases with out of range floats.
- Ensure the string provided to
JSON.parsecan't be mutated during parsing. - Add missing write barriers in
State#dup. - Further validate generator
depthconfig.
Full Changelog: v2.19.6...v2.19.7
v2.19.6
What's Changed
- Cleanly handle overly large
depthgenerator argument. - Add missing write barrier in
ParserConfig.
Full Changelog: v2.19.5...v2.19.6
v2.19.5
What's Changed
- Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.
Full Changelog: v2.19.4...v2.19.5
v2.19.4
What's Changed
- Fix parsing of out of range floats (very large exponents that lead to either
0.0orInf).
Full Changelog: v2.19.2...v2.19.4
v2.19.3
- Fix handling of unescaped control characters preceeded by a backslash.
Full Changelog: v2.19.2...v2.19.3
v2.19.2
What's Changed
- Fix a format string injection vulnerability in
JSON.parse(doc, allow_duplicate_key: false).CVE-2026-33210
Full Changelog: v2.19.1...v2.19.2
v2.17.1.2
- Fix a format string injection vulnerability in
JSON.parse(doc, allow_duplicate_key: false).CVE-2026-33210
Full Changelog: v2.17.1...v2.17.1.2
v2.15.2.1
- Fix a format string injection vulnerability in
JSON.parse(doc, allow_duplicate_key: false).CVE-2026-33210
Full Changelog: v2.15.2...v2.15.2.1
v2.19.1
What's Changed
- Fix a compiler dependent GC bug introduced in
2.18.0.
Full Changelog: v2.19.0...v2.19.1
v2.19.0
What's Changed
- Fix
allow_blankparsing option to no longer allow invalid types (e.g.load([], allow_blank: true)now raise a type error). - Add
allow_invalid_escapeparsing option to ignore backslashes that aren't followed by one of the valid escape characters.
Full Changelog: v2.18.1...v2.19.0