Update RELEASE_NOTES.md for 0.12.0 release #285
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,21 @@ | ||
| ### 0.11.3 January 12 2022 #### | ||
|
|
||
| * Add deserialization whitelisting feature [#281](https://github.com/akkadotnet/Hyperion/pull/281) | ||
|
There was a problem hiding this comment. I'd reword this to "allow explicit control over which types can be deserialized" - and then I'd mention that it's recommended to use this feature as a best practice going forward because it can prevent https://cwe.mitre.org/data/definitions/502.html I'll probably also need to add security notices for this repo too so that alert will get pushed out in the dependabot notifications for repos that have it enabled. I'll need to look into how to do that. |
||
|
|
||
| We've expanded our deserialization safety check to block dangerous types from being deserialized. You can now create a custom deserialize layer type filter programmatically: | ||
|
There was a problem hiding this comment. This and the sample are good |
||
|
|
||
| ```c# | ||
| var typeFilter = TypeFilterBuilder.Create() | ||
| .Include<AllowedClassA>() | ||
| .Include<AllowedClassB>() | ||
| .Build(); | ||
| var options = SerializerOptions.Default | ||
| .WithTypeFilter(typeFilter); | ||
| var serializer = new Serializer(options); | ||
| ``` | ||
|
|
||
| For complete documentation, please read the [readme on whitelisting types.](https://github.com/akkadotnet/Hyperion#whitelisting-types-on-deserialization) | ||
|
There was a problem hiding this comment. Change the link text to say "readme on filtering types for secure deserialization" |
||
|
|
||
| ### 0.11.2 October 7 2021 #### | ||
| * Fix exception thrown during deserialization when preserve object reference was turned on | ||
| and a surrogate instance was inserted into a collection multiple times. [#264](https://github.com/akkadotnet/Hyperion/pull/264) | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Version number should be 0.12.0