So with all the discussions about the YAML security hole (that tends to read more like "chicken little" in most blogs), and that it could affect other languages (like python) under certain conditions.. has anyone looked at any potential [security] impact for blender? Also since the OpenColorIO lib uses it, it hypothetically might be a problem too. Currently I'm not sure how blender deals with python scripts embedded in .blend files to prevent the blender equivalent of a macro virus, but even if sand-boxed, could things like YAML be used to bypass any protections?
A page that talks about risks in PyYAML: http://nedbatchelder.com/blog/201302/war_is_peace.html -Chad _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
