Branch: refs/heads/master
Home: https://github.com/openSUSE/open-build-service
Commit: 824386e5e8a77d44041329f8b517d8a0d0e7c4dd
https://github.com/openSUSE/open-build-service/commit/824386e5e8a77d44041329...
Author: Björn Geuken
Date: 2018-07-31 (Tue, 31 Jul 2018)
Changed paths:
M src/api/.rubocop_todo.yml
M src/api/app/controllers/webui/obs_factory/staging_projects_controller.rb
Log Message:
-----------
Solve Security/YAMLLoad cop
Prefer using YAML.safe_load over YAML.load.
This restricts the kind of objects that will be deserialized by YAML.load
and avoid exploits.
https://ruby-doc.org/stdlib-2.3.3/libdoc/yaml/rdoc/YAML.html#module-YAML-lab...
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Commit: 0f423c0adde85320a4019592b3f325f5853ad941
https://github.com/openSUSE/open-build-service/commit/0f423c0adde85320a40195...
Author: David Kang
Date: 2018-07-31 (Tue, 31 Jul 2018)
Changed paths:
M src/api/.rubocop_todo.yml
M src/api/app/controllers/webui/obs_factory/staging_projects_controller.rb
Log Message:
-----------
Merge pull request #5517 from bgeuken/bugfix/yaml_load
Solve Security/YAMLLoad cop
Compare: https://github.com/openSUSE/open-build-service/compare/cb38f203f2ae...0f423c...
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.