Skip to content

v2.14.2 / 2020 Jul 24
Compare
Choose a tag to compare
@ptaoussanis ptaoussanis released this 24 Jul 17:40
· 166 commits to master since this release
v2.14.2
ea93fee 
[com.taoensso/nippy "2.14.2"]

This is a non-breaking hotfix security release. PLEASE READ CAREFULLY.

New since v2.14.0:

  • [#130] Add *serialization-whitelist* feature, DISABLED BY DEFAULT.

** SECURITY ADVISORY **

To prevent a possible Remote Code Execution (RCE) vulnerability (#130), you must opt-in to use the new *serialization-whitelist* feature.

See the nippy/*serialization-whitelist* docstring for usage instructions.

Assets 2
Loading