ClojureCLR v2.12 Release Notes
-
The new
clojure.ednnamespace reads edn (http://edn-format.org) data, and should be used for reading data from untrusted sources.Clojure's core read* functions can evaluate code, and should not be used to read data from untrusted sources. As of 1.5,
*read-eval*👌 supports a documented set of thread-local bindings, see the doc string for details.*read-eval*'s default can be set to false by setting a system property:-Dclojure.read.eval=false