rexml 3.3.4 → 3.3.5


Potentially problematic release.


This version of rexml might be problematic. Click here for more details.

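--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e47ba1209ca1ca2ae0584348378fcefe05de5dc277273d434a37d62e04c676b3
- data.tar.gz: 867f9e01423f83063aac7c59e07670c88c20f527f676e28cdf9d098248293c56
+ metadata.gz: 8e2ee370ff6c1ab70149f6743a12ddf1eeae2c2af3c20f8cb7c6e56ff9699eec
+ data.tar.gz: 158254197a12b1038b9b5e116c9abc89a329ef97acda8031399a56d3aee45fe9
  SHA512:
- metadata.gz: d87d9cd9384218f3a9bd65870cef99e057022c83bae434318daeab781444378ea830ce46ae20879954f2ae54a7a00cc54eac2839784b989612315ddef909c809
- data.tar.gz: 1e61927c65b9a058626d0ab19c7f5af0d49169d896e76402e0152476cc772dabf41b8f7a135040b12f5c46eac933de8e60d21fdea8388ed7342be8cc6f9114e9
+ metadata.gz: 6b805e28e50ef71bbc5d0349fdd4ec57ec4811bba94fe4c3f8aa17bedb81971da48e98205c53a8eadd18f07b69a2f68c8200529d546aef4187f9f3e903670857
+ data.tar.gz: df3e369135f9b156475772a77702a91d45b8ee64ad49f608b2b33dc63d7b07dd271d7ac458d0b5e944e613798a0940231282997a747c4838e3e5c3afaf60253b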
data/NEWS.md CHANGED
@@ -1,5 +1,22 @@
1
1
  # News
2
2
 
3
+ ## 3.3.5 - 2024-08-12 {#version-3-3-5}
4
+
5
+ ### Fixes
6
+
7
+ * Fixed a bug that `REXML::Security.entity_expansion_text_limit`
8
+ check has wrong text size calculation in SAX and pull parsers.
9
+ * GH-193
10
+ * GH-195
11
+ * Reported by Viktor Ivarsson.
12
+ * Patch by NAITOH Jun.
13
+
14
+ ### Thanks
15
+
16
+ * Viktor Ivarsson
17
+
18
+ * NAITOH Jun
19
+
3
20
  ## 3.3.4 - 2024-08-01 {#version-3-3-4}
4
21
 
5
22
  ### Fixes
@@ -548,15 +548,13 @@ module REXML
548
548
  }
549
549
  matches.collect!{|x|x[0]}.compact!
550
550
  if matches.size > 0
551
- sum = 0
552
551
  matches.each do |entity_reference|
553
552
  unless filter and filter.include?(entity_reference)
554
553
  entity_value = entity( entity_reference, entities )
555
554
  if entity_value
556
555
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
557
556
  rv.gsub!( re, entity_value )
558
- sum += rv.bytesize
559
- if sum > Security.entity_expansion_text_limit
557
+ if rv.bytesize > Security.entity_expansion_text_limit
560
558
  raise "entity expansion has grown too large"
561
559
  end
562
560
  else
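Review bot: The size check at new line 557 runs only after `rv.gsub!( re, entity_value )` on the line before it has already built the expanded string, so `Security.entity_expansion_text_limit` bounds the text that is kept, not the peak allocation of one substitution. Whether the text reaching this loop is bounded earlier is not visible in the hunk, so I would at least document the guarantee above the check, e.g. `# Checked after each substitution: limits the resulting text size, not the memory gsub! needed to build it.` The failure is raised as a bare string (a RuntimeError), so a short comment naming it as the limit signal would help callers that rescue it. The enclosing method starts and ends outside this hunk, and the page lists the hunk under the NEWS.md header although its `module REXML` context suggests it belongs to a library file whose header is missing.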
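--- a/data/lib/rexml/rexml.rb
+++ b/data/lib/rexml/rexml.rb
@@ -31,7 +31,7 @@
  module REXML
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
  DATE = "2008/019"
- VERSION = "3.3.4"
+ VERSION = "3.3.5"
  REVISION = ""
 
  Copyright = COPYRIGHT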
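--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: rexml
  version: !ruby/object:Gem::Version
- version: 3.3.4
+ version: 3.3.5
  platform: ruby
  authors:
  - Kouhei Sutou
  bindir: bin
  cert_chain: []
- date: 2024-08-01 00:00:00.000000000 Z
+ date: 2024-08-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: strscan
@@ -116,7 +116,7 @@ homepage: https://github.com/ruby/rexml
  licenses:
  - BSD-2-Clause
  metadata:
- changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.4
+ changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.5
  rdoc_options:
  - "--main"
  - README.md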