Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update RELEASE_NOTES.md for 0.12.0 release #285

Merged
merged 4 commits into from
Jan 12, 2022
Merged

Update RELEASE_NOTES.md for 0.12.0 release #285

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6908834
Update RELEASE_NOTES.md for 0.11.3 release
Arkatufus Jan 11, 2022
3ee4783
Merge branch 'dev' into Update_RELEASE_NOTES_for_0.11.3
Arkatufus Jan 11, 2022
50b6259
Chage wording and version number to 0.12.0
Arkatufus Jan 11, 2022
e1092d7
Merge branch 'Update_RELEASE_NOTES_for_0.11.3' of github.com:Arkatufu…
Arkatufus Jan 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions RELEASE_NOTES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,21 @@
### 0.12.0 January 12 2022 ####

* Allow explicit control over which types can be deserialized [#281](https://github.com/akkadotnet/Hyperion/pull/281)

We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent [deserialization of untrusted data](https://cwe.mitre.org/data/definitions/502.html). You can now create a custom deserialize layer type filter programmatically:

```c#
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
```

For complete documentation, please read the [readme on filtering types for secure deserialization.](https://github.com/akkadotnet/Hyperion#whitelisting-types-on-deserialization)

### 0.11.2 October 7 2021 ####
* Fix exception thrown during deserialization when preserve object reference was turned on
and a surrogate instance was inserted into a collection multiple times. [#264](https://github.com/akkadotnet/Hyperion/pull/264)
Expand Down