Ruby: rack - Rack::Response changenote

2026-05-05 05:35:13 +02:00 · 2023-07-05 15:15:34 +01:00
parent df62cf8a5a
commit 2b0b2855e1
1 changed files with 5 additions and 0 deletions
--- a/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
+++ b/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.