29 Mar '13, 7pm

JRuby 1.7.3 Released: Primarily to Address Two Security Issues

class REXML::Document
  # Upper bound, in bytes, on the total text produced by entity expansion.
  @@entity_expansion_text_limit = 10_240

  def self.entity_expansion_text_limit=( val )
    @@entity_expansion_text_limit = val
  end

  def self.entity_expansion_text_limit
    @@entity_expansion_text_limit
  end
end

class REXML::Text
  def self.unnormalize(string, doctype=nil, filter=nil, illegal=nil)
    sum = 0
    string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
      s = self.expand($&, doctype, filter)
      # Abort once the accumulated expansion exceeds the configured limit.
      if sum + s.bytesize > REXML::Document.entity_expansion_text_limit
        raise "entity expansion has grown too large"
      else
        sum += s.bytesize
      end
      s
    }
  end

  def self.expand(ref, doctype, filter)
    if ref[1] == ?#
      # Numeric character reference: hexadecimal (&#x...;) or decimal (&#...;).
      if ref[2] == ?x
        [ref[3...-1].to_i(16)].pack('U*')
      else
        [ref[2...-1].to_i].pack('U*')
      end
    elsif ref == '&amp;'
      '&'
    elsif filter and filter.include?( ref[1...-1] )
      ref
    elsif doctype
      doctype.entity( ref[1...-1] ) or ref
    else
      entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
      entity_...

Full article: http://jruby.org/2013/02/21/jruby-1-7-3.html
