* lib/yaml.rb: add security warning to YAML documentation

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-04-27 14:54:37 +0000
committer: charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-04-27 14:54:37 +0000
commit: b5e8e33ddc880c98c30a1abe644c6af2e57b5496 (patch)
tree: 2cf9866447ed264f732da6b791cba4e4c78738c1
parent: 3e1fad843e29d8004aabf2f30a9bb031b02ca209 (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 9e2fda80ed..7ecaa3e96e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sat Apr 27 23:53:00 2013  Charlie Somerville  <[email protected]>
+
+	* lib/yaml.rb: add security warning to YAML documentation
+
 Sat Apr 27 23:25:00 2013  Zachary Scott  <[email protected]>
 
 	* lib/yaml.rb: Documentation for YAML module [Bug #8213]
diff --git a/lib/yaml.rb b/lib/yaml.rb
index 76657cdd0b..f2177accbd 100644
--- a/lib/yaml.rb
+++ b/lib/yaml.rb
@@ -73,6 +73,10 @@ end
 #     YAML.dump("foo")     # => "--- foo\n...\n"
 #     { :a => 'b'}.to_yaml  # => "---\n:a: b\n"
 #
+# Do not use YAML to load untrusted data. Doing so is unsafe and could allow
+# malicious input to execute arbitrary code inside your application. Please see
+# doc/security.rdoc for more information.
+#
 # For more advanced details on the implementation see Psych, and also check out
 # yaml.org for spec details and other helpful information.
 module YAML; end
author	charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-04-27 14:54:37 +0000
committer	charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-04-27 14:54:37 +0000
commit	b5e8e33ddc880c98c30a1abe644c6af2e57b5496 (patch)
tree	2cf9866447ed264f732da6b791cba4e4c78738c1
parent	3e1fad843e29d8004aabf2f30a9bb031b02ca209 (diff)