This is a security patch for JSON body parsers.
The Problem
JSON body parsing was implemented using Hanami::Utils::Json.load, which internally uses JSON.load.
According to the Ruby docs, JSON.load should be used only with trusted data: by default it enables create_additions, so a payload carrying json_class keys makes the parser instantiate the Ruby classes named in the payload instead of returning plain hashes and arrays.
Thanks to Lucas Hosseini for spotting this problem.
The Fix
We introduced Hanami::Utils::Json.parse, which is a safe alternative for JSON parsing.
The JSON body parser now uses this new method, so untrusted request bodies are no longer passed to JSON.load, which guarantees a higher level of safety.
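The difference between the two stdlib calls, shown as an added example that is not Hanami code. The page states that Hanami::Utils::Json.load delegates to JSON.load; that the new Hanami::Utils::Json.parse delegates to JSON.parse is an assumption made here, and the parse_request_body helper and the payload are constructed for illustration. Loading json/add/range only registers the kind of json_class hook that create_additions honours; it is not needed for the problem to exist in an application that defines its own json_create methods.

```ruby
require "json"
# Registers Range.json_create, a json_class hook of the kind JSON.load will call.
# Any class in the process that defines json_create is reachable the same way.
require "json/add/range"

# Constructed attacker-controlled request body: the json_class key asks the
# parser to build a Range rather than return a Hash.
PAYLOAD = '{"json_class":"Range","a":[1,10,false]}'

# Mirrors the old body parser: JSON.load turns create_additions on by default,
# so the payload decides which Ruby class is instantiated.
def unsafe_body(raw)
  JSON.load(raw)
end

# Mirrors the patched body parser (assumed to use JSON.parse): create_additions
# stays off and only Hash, Array, String, Numeric, true/false/nil come back.
def safe_body(raw)
  JSON.parse(raw)
end

# Hypothetical hardened wrapper for a body parser. create_additions: false is
# already the JSON.parse default; stating it explicitly keeps a later refactor
# from silently re-enabling it. Malformed bodies raise rather than return nil.
def parse_request_body(raw)
  JSON.parse(raw, create_additions: false, max_nesting: 100)
rescue JSON::ParserError => e
  raise ArgumentError, "invalid JSON body: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts "JSON.load  -> #{unsafe_body(PAYLOAD).class}" # Range: attacker chose the class
  puts "JSON.parse -> #{safe_body(PAYLOAD).class}"   # Hash: json_class is just a string key
  puts parse_request_body(PAYLOAD).inspect
end
```

Run the file directly to see the two classes side by side. The class reached here is harmless; what matters is that with JSON.load the body, not the application, selects which json_create method runs.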
How To Fix Your Project
From the root of your Hanami project, run: bundle update hanami
Released Gems
hanami-0.9.1
hanami-utils-0.9.1
hanami-router-0.8.1
hanami-validations-0.7.1