Update RELEASE_NOTES.md for 0.12.0 release #285
Conversation
RELEASE_NOTES.md
Outdated
| @@ -1,3 +1,21 @@ | |||
| ### 0.11.3 January 12 2022 #### | |||
There was a problem hiding this comment.
Version number should be 0.12.0
RELEASE_NOTES.md
Outdated
| @@ -1,3 +1,21 @@ | |||
| ### 0.11.3 January 12 2022 #### | |||
|
|
|||
| * Add deserialization whitelisting feature [#281](https://github.com/akkadotnet/Hyperion/pull/281) | |||
There was a problem hiding this comment.
I'd reword this to "allow explicit control over which types can be deserialized" - and then I'd mention that it's recommended to use this feature as a best practice going forward because it can prevent https://cwe.mitre.org/data/definitions/502.html
I'll probably also need to add security notices for this repo too so that alert will get pushed out in the dependabot notifications for repos that have it enabled. I'll need to look into how to do that.
RELEASE_NOTES.md
Outdated
|
|
||
| * Add deserialization whitelisting feature [#281](https://github.com/akkadotnet/Hyperion/pull/281) | ||
|
|
||
| We've expanded our deserialization safety check to block dangerous types from being deserialized. You can now create a custom deserialize layer type filter programmatically: |
There was a problem hiding this comment.
This and the sample are good
RELEASE_NOTES.md
Outdated
| var serializer = new Serializer(options); | ||
| ``` | ||
|
|
||
| For complete documentation, please read the [readme on whitelisting types.](https://github.com/akkadotnet/Hyperion#whitelisting-types-on-deserialization) |
There was a problem hiding this comment.
Change the link text to say "readme on filtering types for secure deserialization"
…s/Hyperion into Update_RELEASE_NOTES_for_0.11.3
Arkatufus
changed the title
No description provided.