The taint mechanism will be deprecated in Ruby 2.7 #1083
Conversation
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7 and will remove that in Ruby 3. https://bugs.ruby-lang.org/issues/16131 ruby/ruby#2476 In Ruby 2.7, `Object#{taint,untaint,trust,untrust}` and related functions in the C-API no longer have an effect (all objects are always considered untainted), and are now warned deprecation message.
|
I'm not sure yet I understand the impact for older Rubies to use the non-taint API calls; it sounds like most code in practice is not using taint hints to protect against untrusted inputs, and so in practice there won't be any impact to "most" real user code? But I wonder if it wouldn't make sense to wrap these in #ifdef until the older Rubies are no longer supported by this gem. |
|
IMO if we marked OTOH I believe the inconsistency is not intended. So I'd say yes for the answer "it sounds like most code in practice is not using taint hints to protect against untrusted inputs, and so in practice there won't be any impact to "most" real user code?". |
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7 and will remove that in Ruby 3. https://bugs.ruby-lang.org/issues/16131 ruby/ruby#2476 In Ruby 2.7, `Object#{taint,untaint,trust,untrust}` and related functions in the C-API no longer have an effect (all objects are always considered untainted), and are now warned deprecation message.
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7 and will remove that in Ruby 3. https://bugs.ruby-lang.org/issues/16131 ruby/ruby#2476 In Ruby 2.7, `Object#{taint,untaint,trust,untrust}` and related functions in the C-API no longer have an effect (all objects are always considered untainted), and are now warned deprecation message.
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7 and will remove that in Ruby 3. https://bugs.ruby-lang.org/issues/16131 ruby/ruby#2476 In Ruby 2.7, `Object#{taint,untaint,trust,untrust}` and related functions in the C-API no longer have an effect (all objects are always considered untainted), and are now warned deprecation message.
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7 and will remove that in Ruby 3. https://bugs.ruby-lang.org/issues/16131 ruby/ruby#2476 In Ruby 2.7, `Object#{taint,untaint,trust,untrust}` and related functions in the C-API no longer have an effect (all objects are always considered untainted), and are now warned deprecation message.
The Ruby core team decided to deprecate the taint mechanism in Ruby 2.7
and will remove that in Ruby 3.
https://bugs.ruby-lang.org/issues/16131
ruby/ruby#2476
In Ruby 2.7,
Object#{taint,untaint,trust,untrust}and relatedfunctions in the C-API no longer have an effect (all objects are always
considered untainted), and are now warned deprecation message.