The most simple thing would be to change the default value of *read-eval* 
to false...

Marek

On Wednesday, January 30, 2013 8:02:54 AM UTC+1, Takahiro Hozumi wrote:
>
> As more and more projects are using the edn format for config, 
> communication, etc., I think that the default value of *read-eval*, 
> which is true, is a source of vulnerability such as the recently reported 
> Ring issue [1]. 
> And I don't understand why read-string depends on *read-eval* instead 
> of an argument. 
> I believe an optional argument is preferable. 
> What do you think? 
>
> [1] Ring 1.0.3 / 1.1.7 released to fix security flaw 
>
> https://groups.google.com/group/clojure/browse_thread/thread/7b0fe662867b9124 
>

-- 
-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
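
The behaviour discussed in this thread, as an added example that is not part of either message: the same untrusted string read with `*read-eval*` true, with it bound to false, and with `clojure.edn/read-string`, which takes its options as an argument. It assumes Clojure 1.5 or later (for `clojure.edn`); the namespace, function names and sample input are constructed for illustration.

```clojure
(ns example.read-eval-demo
  (:require [clojure.edn :as edn]))

;; Constructed sample input. The #= reader macro asks the reader to evaluate
;; the following form at read time; (+ 1 2) stands in for arbitrary code.
(def untrusted "{:port #=(+ 1 2)}")

(defn read-permissive
  "clojure.core/read-string with *read-eval* true, the default value the
  thread is about. The #= form is evaluated while the string is being read."
  [s]
  (binding [*read-eval* true]
    (read-string s)))

(defn read-restricted
  "Same reader with *read-eval* bound to false for this call only.
  The reader throws on #=, so the input is reported as rejected."
  [s]
  (binding [*read-eval* false]
    (try
      (read-string s)
      (catch Exception e
        {:rejected (.getMessage e)}))))

(defn read-as-data
  "clojure.edn/read-string never consults *read-eval* and has no #= dispatch.
  Policy is passed as an argument: opts may carry :readers and :default to
  control which tagged literals are accepted."
  ([s] (read-as-data {} s))
  ([opts s]
   (try
     (edn/read-string opts s)
     (catch Exception e
       {:rejected (.getMessage e)}))))

(defn -main [& _]
  (doseq [[label f] [["*read-eval* true " read-permissive]
                     ["*read-eval* false" read-restricted]
                     ["clojure.edn      " read-as-data]]]
    (println label "->" (pr-str (f untrusted)))))
```

Calling `(-main)` from a REPL prints one line per reader, so the evaluated result and the two rejections can be compared side by side.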