Set global timeout for Regexp to prevent ReDoS
- Aboobacker MK authored
Ruby versions 3.2 and above provide a global configuration to prevent ReDoS by setting a timeout. While we should still avoid writing vulnerable regular expressions, this will significantly reduce the attack surface.

Changelog: security
config/initializers/regexp.rb
0 → 100644
+ 4
− 0
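Review bot: The new config/initializers/regexp.rb depends on a setting that the commit message says exists only in Ruby 3.2 and above, and the four added lines are not visible on this page, so confirm the assignment is guarded (for example with `Regexp.respond_to?(:timeout=)`) or that the project's minimum Ruby version is already 3.2. Because the timeout applies to every regular expression in the process, a short comment in the initializer explaining the chosen value would help, and callers that match untrusted input should be checked for how they handle `Regexp::TimeoutError`.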