What's Changed
- Fix GHSA-rvv3-g6hj-g44x: default MaxDepth of 64 for self-referential types (15.x backport) by @jbogard in #4619
Security
Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
Users should upgrade to this release.
Security advisory: GHSA-rvv3-g6hj-g44x
Thanks to @skdishansachin for responsibly disclosing this issue.
Full Changelog: v15.1.0...v15.1.3