actionpack 7.0.4.1 → 7.0.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/action_dispatch/middleware/cookies.rb +2 -2
- data/lib/action_pack/gem_version.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2c22bab78116ba16eb5b0040050758d1cdfdecb10e9f7d174116e8174c9f988f
|
4
|
+
data.tar.gz: 826c0844d869f71fd1e04b0295898ebe011a43085131224f1d12991fb8b3cbd0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 109a5ec54e9e254d8db491ce49027ced3eb8ab8f35ee41823cef7ce661067eceedc795f371871765c687ce96c1f452513319ad7363d349b3bedcf8837f71c692
|
7
|
+
data.tar.gz: 334ce823a8637370f5b6cf6baec372eebd97b6e573294f0d7229bf032a81a55079e63fb11cbd3c536b96c74801d2c291ef2e16ca8a13bef6d43585bfe55dc7bf
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
## Rails 7.0.4.2 (January 24, 2023) ##
|
2
|
+
|
3
|
+
* Fix `domain: :all` for two letter TLD
|
4
|
+
|
5
|
+
This fixes a compatibility issue introduced in our previous security
|
6
|
+
release when using `domain: :all` with a two letter but single level top
|
7
|
+
level domain domain (like `.ca`, rather than `.co.uk`).
|
8
|
+
|
9
|
+
|
1
10
|
## Rails 7.0.4.1 (January 17, 2023) ##
|
2
11
|
|
3
12
|
* Fix sec issue with _url_host_allowed?
|
@@ -461,8 +461,8 @@ module ActionDispatch
|
|
461
461
|
# Case where tld_length is not provided
|
462
462
|
else
|
463
463
|
# Regular TLDs
|
464
|
-
if !(
|
465
|
-
cookie_domain = dot_splitted_host.last(2).join(
|
464
|
+
if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
|
465
|
+
cookie_domain = dot_splitted_host.last(2).join(".")
|
466
466
|
# **.**, ***.** style TLDs like co.uk and com.au
|
467
467
|
else
|
468
468
|
cookie_domain = dot_splitted_host.last(3).join('.')
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.0.4.
|
4
|
+
version: 7.0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-01-
|
11
|
+
date: 2023-01-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 7.0.4.
|
19
|
+
version: 7.0.4.2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 7.0.4.
|
26
|
+
version: 7.0.4.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rack
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -98,28 +98,28 @@ dependencies:
|
|
98
98
|
requirements:
|
99
99
|
- - '='
|
100
100
|
- !ruby/object:Gem::Version
|
101
|
-
version: 7.0.4.
|
101
|
+
version: 7.0.4.2
|
102
102
|
type: :runtime
|
103
103
|
prerelease: false
|
104
104
|
version_requirements: !ruby/object:Gem::Requirement
|
105
105
|
requirements:
|
106
106
|
- - '='
|
107
107
|
- !ruby/object:Gem::Version
|
108
|
-
version: 7.0.4.
|
108
|
+
version: 7.0.4.2
|
109
109
|
- !ruby/object:Gem::Dependency
|
110
110
|
name: activemodel
|
111
111
|
requirement: !ruby/object:Gem::Requirement
|
112
112
|
requirements:
|
113
113
|
- - '='
|
114
114
|
- !ruby/object:Gem::Version
|
115
|
-
version: 7.0.4.
|
115
|
+
version: 7.0.4.2
|
116
116
|
type: :development
|
117
117
|
prerelease: false
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
119
119
|
requirements:
|
120
120
|
- - '='
|
121
121
|
- !ruby/object:Gem::Version
|
122
|
-
version: 7.0.4.
|
122
|
+
version: 7.0.4.2
|
123
123
|
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
124
124
|
testing MVC web applications. Works with any Rack-compatible server.
|
125
125
|
email: david@loudthinking.com
|
@@ -310,10 +310,10 @@ licenses:
|
|
310
310
|
- MIT
|
311
311
|
metadata:
|
312
312
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
313
|
-
changelog_uri: https://github.com/rails/rails/blob/v7.0.4.
|
314
|
-
documentation_uri: https://api.rubyonrails.org/v7.0.4.
|
313
|
+
changelog_uri: https://github.com/rails/rails/blob/v7.0.4.2/actionpack/CHANGELOG.md
|
314
|
+
documentation_uri: https://api.rubyonrails.org/v7.0.4.2/
|
315
315
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
316
|
-
source_code_uri: https://github.com/rails/rails/tree/v7.0.4.
|
316
|
+
source_code_uri: https://github.com/rails/rails/tree/v7.0.4.2/actionpack
|
317
317
|
rubygems_mfa_required: 'true'
|
318
318
|
post_install_message:
|
319
319
|
rdoc_options: []
|