Changelog

1.2.2 (08.09.2020)

Enhancements

Support Decimal 2.0

1.2.1 (04.05.2020)

Security

Fix html_safe escaping in Jason.encode

The <!-- sequence of characters would not be escaped in Jason.encode withhtml_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of <script> tags).

If you were not using the html_safe option, you are not affected.

Affected versions: < 1.2.1 Patched versions: >= 1.2.1

1.2.0 (17.03.2020)

Enhancements

Add Jason.Encode.keyword/2 (cb1f26a).

Bug fixes

Fix Jason.Helpers.json_map/1 value expansion (70b046a).

1.1.2 (19.10.2018)

Bug fixes

correctly handle the pretty: false option (ba318c8).

1.1.1 (10.07.2018)

Bug fixes

correctly handle escape sequences in strings when pretty printing (794bbe4).

1.1.0 (02.07.2018)

Enhancements

pretty-printing support through Jason.Formatter and pretty: true option in Jason.encode/2 (d758e36).

Bug fixes

silence variable warnings for fields with underscores used during deriving (88dd85c).
potential incompatibility don't raise Protocol.UndefinedError in non-bang functions (ad0f57b).

1.0.1 (02.07.2018)

Bug fixes

fix Jason.Encode.escape type (a57b430)
multiple documentation improvements

1.0.0 (26.01.2018)

No changes

1.0.0-rc.3 (26.01.2018)

Changes

update escape option of Jason.encode/2 to take values: :json | :unicode_safe | :html_safe | :javascript_safe for consistency. Old values of :unicode and :javascript are still supported for compatibility with Poison. (f42dcbd)

1.0.0-rc.2 (07.01.2018)

Bug fixes

add type for strings option (b459ee4)
support iodata in decode! (a1f3456)

1.0.0-rc.1 (22.12.2017)

Initial release