From da9e72b82fa777bcc4714c704ef2fd371c754717 Mon Sep 17 00:00:00 2001 From: Evan Rutledge Borden Date: Tue, 29 Jan 2019 15:31:35 -0600 Subject: [PATCH] Add minor version bump to 1.6.11 JSON parsing function deprecations warrant a minor version bump. --- yesod-core/ChangeLog.md | 4 ++++ yesod-core/Yesod/Core/Json.hs | 4 ++++ yesod-core/yesod-core.cabal | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md index a1e2946e..09145551 100644 --- a/yesod-core/ChangeLog.md +++ b/yesod-core/ChangeLog.md @@ -1,5 +1,9 @@ # ChangeLog for yesod-core +## 1.6.11 + +* Deprecate insecure JSON parsing functions [#1576](https://github.com/yesodweb/yesod/pull/1576) + ## 1.6.10.1 * Fix test suite compilation for [commercialhaskell/stackage#4319](https://github.com/commercialhaskell/stackage/issues/4319) diff --git a/yesod-core/Yesod/Core/Json.hs b/yesod-core/Yesod/Core/Json.hs index 3681cf87..3ced0c56 100644 --- a/yesod-core/Yesod/Core/Json.hs +++ b/yesod-core/Yesod/Core/Json.hs @@ -106,6 +106,8 @@ parseJsonBody = parseInsecureJsonBody -- indicates JSON content. -- -- Note: This function is vulnerable to CSRF attacks. +-- +-- @since 1.6.11 parseInsecureJsonBody :: (MonadHandler m, J.FromJSON a) => m (J.Result a) parseInsecureJsonBody = do eValue <- runConduit $ rawRequestBody .| runCatchC (sinkParser JP.value') @@ -150,6 +152,8 @@ requireJsonBody = requireInsecureJsonBody -- | Same as 'parseInsecureJsonBody', but return an invalid args response on a parse -- error. +-- +-- @since 1.6.11 requireInsecureJsonBody :: (MonadHandler m, J.FromJSON a) => m a requireInsecureJsonBody = do ra <- parseInsecureJsonBody diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal index fe523873..c0a1edff 100644 --- a/yesod-core/yesod-core.cabal +++ b/yesod-core/yesod-core.cabal @@ -1,5 +1,5 @@ name: yesod-core -version: 1.6.10.1 +version: 1.6.11 license: MIT license-file: LICENSE author: Michael Snoyman