Read quoted attributes in chunks #126

Merged
merged 1 commit into from
May 16, 2024
nobu (Member) commented May 16, 2024

No description provided.

kou merged commit 4325835 into master May 16, 2024
66 of 78 checks passed
kou deleted the quoted-attr branch May 16, 2024 02:26
nobu mentioned this pull request May 16, 2024
kou pushed a commit that referenced this pull request May 16, 2024
kou pushed a commit that referenced this pull request May 31, 2024

It seems to me that PR #124 ("Move development dependencies to Gemfile"),
mentioned in the NEWS.md and in the release notes, isn't the correct one
and is not related to CVE-2024-35176:

```
- Improved parse performance when an attribute has many <s.
  - GH-124
```

#126 looks like it fixes the issue with an attribute value that contains
multiple '>' characters. At least it adds a proper test.

junaruga (Member) commented Jun 13, 2024

Just for anyone who is interested in CVE-2024-35176, including me: this pull request is the commit fixing it. It is also mentioned in NEWS.md - 3.2.7 - "Improved parse performance when an attribute has many `<`s." - GH-126, below, on the latest master branch.

rexml/NEWS.md

Lines 70 to 72 in 3b026f8

* Improved parse performance when an attribute has many `<`s.
* GH-126
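
A lockfile check for the point made in the comment above, as an added example that is not code from the rexml project: it reports whether a `Gemfile.lock` resolves rexml below 3.2.7, the release whose NEWS.md entry cites GH-126. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version gives correct ordering (3.2.10 > 3.2.7)

# Release whose NEWS.md entry cites GH-126 (taken from the comment above).
FIXED_REXML = Gem::Version.new("3.2.7")

# Constructed sample lockfile: rexml is pulled in as a transitive dependency.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crack (0.4.5)
        rexml
      rexml (3.2.6)

  DEPENDENCIES
    crack
LOCK
NEW_LOCK = OLD_LOCK.sub("rexml (3.2.6)", "rexml (3.2.7)")

# Resolved specs are indented exactly four spaces: "    name (version)".
# Deeper lines are dependency constraints and two-space lines are the
# DEPENDENCIES section; neither is a resolved version, so both are skipped.
def resolved_rexml_versions(lock_text)
  lock_text.each_line.filter_map do |line|
    m = line.match(/\A {4}rexml \(([^)\s]+)\)\s*\z/)
    m && m[1]
  end
end

# Returns :absent, :fixed or :vulnerable for one lockfile's text.
# A version string that cannot be parsed counts as :vulnerable (fail closed).
def rexml_status(lock_text)
  versions = resolved_rexml_versions(lock_text)
  return :absent if versions.empty?
  ok = versions.all? do |v|
    Gem::Version.correct?(v) && Gem::Version.new(v) >= FIXED_REXML
  end
  ok ? :fixed : :vulnerable
end

# Audit every lockfile path given on the command line.
if __FILE__ == $PROGRAM_NAME
  ARGV.each { |path| puts "#{path}: #{rexml_status(File.read(path))}" }
end
```

Run it as `ruby check_rexml.rb path/to/Gemfile.lock` (the script name is arbitrary); a `:vulnerable` result means the bundle still resolves a rexml release older than the one containing this fix.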
