Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security fix in libyaml: Limit depth of nesting by default #431

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

hi-kumar
Copy link

@hi-kumar hi-kumar commented Oct 17, 2024

Update libyaml:

  • Bring over security fix in libYaml: 51843fe (PR 287)
Each nesting level increases the stack and the number of previous
starting events that the parser has to check.

The default maximum is 1000 and can be set via yaml_set_max_nest_level()
  • While here, bring in couple more commits in the same code segments to stay up to date: Handle closing flow sequence after explicit key 588eabf (PR 295) & 840b65c (296)

Fix in libYaml: 51843fe
While here, bring in couple more commits in libYaml: 588eabf & 840b65c
Copy link
Owner

@jpsim jpsim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants