codeql/ruby/ql/src/change-notes/released/0.4.1.md
2022-10-07 02:20:28 +00:00

0.4.1

Minor Analysis Improvements

  • The rb/xxe query has been updated to add the following sinks for XML external entity expansion:
    1. Calls to parse XML using LibXML when its default_substitute_entities option is enabled.
    2. Uses of the Rails methods ActiveSupport::XmlMini.parse, Hash.from_xml, and Hash.from_trusted_xml when ActiveSupport::XmlMini is configured to use LibXML as its backend, and its default_substitute_entities option is enabled.
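As an added illustration (not part of this change note or of the rb/xxe query itself), a simplified Ruby audit that approximates the two sink conditions above by pattern-matching source text rather than the query's program analysis. The setter path `LibXML::XML.default_substitute_entities=` and the `ActiveSupport::XmlMini.backend=` assignment form are assumed from libxml-ruby and ActiveSupport, and the initializer and controller sources below are constructed samples.

```ruby
# Added example, not part of the CodeQL change note or the rb/xxe query.
# A deliberately simplified, regex-based approximation of the two sink
# conditions in the note: the real query tracks configuration and data flow
# across the program, while this only matches source text line by line.

# Assumed setter path from libxml-ruby: LibXML::XML.default_substitute_entities=
SUBSTITUTE_ENTITIES_ON  = /\bLibXML(?:::XML)?\.default_substitute_entities\s*=\s*true\b/
SUBSTITUTE_ENTITIES_OFF = /\bLibXML(?:::XML)?\.default_substitute_entities\s*=\s*false\b/
# Assumed ActiveSupport backend selection, given as a string or as the backend constant
XMLMINI_LIBXML_BACKEND = /ActiveSupport::XmlMini\.backend\s*=\s*(?:['"]LibXML['"]|ActiveSupport::XmlMini_LibXML)/
# The Rails parse methods listed in the note, and libxml-ruby's direct parser entry points
RAILS_XML_PARSERS = /\b(?:ActiveSupport::XmlMini\.parse|Hash\.from_xml|Hash\.from_trusted_xml)\s*\(/
LIBXML_PARSERS    = /\bLibXML::XML::(?:Parser|Document)\.(?:string|file|io|document)\b/

# Returns one {line:, sink:} hash per parse call that the note's conditions make a sink.
def xxe_findings(source)
  lines = source.lines
  entities_on = false
  libxml_backend = false
  # Pass 1: resolve the final configuration (last assignment wins).
  lines.each do |l|
    entities_on = true  if l.match?(SUBSTITUTE_ENTITIES_ON)
    entities_on = false if l.match?(SUBSTITUTE_ENTITIES_OFF)
    libxml_backend = true if l.match?(XMLMINI_LIBXML_BACKEND)
  end
  return [] unless entities_on # with substitution disabled neither sink applies
  # Pass 2: report parse calls that reach LibXML under that configuration.
  lines.each_with_index.map do |l, i|
    if l.match?(LIBXML_PARSERS)
      { line: i + 1, sink: "LibXML parse with default_substitute_entities enabled" }
    elsif libxml_backend && l.match?(RAILS_XML_PARSERS)
      { line: i + 1, sink: "Rails XmlMini parse via LibXML backend with entity substitution enabled" }
    end
  end.compact
end

# Constructed sample sources (not taken from any real project).
VULNERABLE_INITIALIZER = <<~RUBY
  require "libxml"
  require "active_support/xml_mini"
  LibXML::XML.default_substitute_entities = true
  ActiveSupport::XmlMini.backend = "LibXML"
RUBY
HARDENED_INITIALIZER = VULNERABLE_INITIALIZER.sub("= true", "= false")
CONTROLLER = <<~RUBY
  def create
    attrs = Hash.from_xml(request.raw_post)
    doc = LibXML::XML::Parser.string(request.raw_post).parse
  end
RUBY
```

Concatenating the vulnerable initializer with the controller reports both parse calls; with the hardened initializer, where entity substitution stays off, the same controller produces no findings.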