RubyGems - actionpack - Versions diffs - 7.0.4.1 → 7.0.4.2 - Mend

actionpack 7.0.4.1 → 7.0.4.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/lib/action_dispatch/middleware/cookies.rb +2 -2
data/lib/action_pack/gem_version.rb +1 -1
metadata +11 -11

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f31d845cb672a69a48bf5a99d24da4cc0a1911dd90592b7f569954a08040d32
-  data.tar.gz: 4f82a27ee5dba8c642621ab247ef345b7daff0e9e4fe25c3ba81163a2a31b8d5
+  metadata.gz: 2c22bab78116ba16eb5b0040050758d1cdfdecb10e9f7d174116e8174c9f988f
+  data.tar.gz: 826c0844d869f71fd1e04b0295898ebe011a43085131224f1d12991fb8b3cbd0
 SHA512:
-  metadata.gz: 7094329330497de30fa9dbae232a2563a3699129681dbba34092db10f3e07d97b9905abe2d4339f50c39b8f45c6e9765a77523c379dbe53f3ff96cb544586483
-  data.tar.gz: db8c045d237562750468b511cd54990c2fe0069fe7942e663f013f6cdfa30e7211b8f9874cdc7187dc0b16f1238cb331dde86bbd38f796688935e541b0fcac25
+  metadata.gz: 109a5ec54e9e254d8db491ce49027ced3eb8ab8f35ee41823cef7ce661067eceedc795f371871765c687ce96c1f452513319ad7363d349b3bedcf8837f71c692
+  data.tar.gz: 334ce823a8637370f5b6cf6baec372eebd97b6e573294f0d7229bf032a81a55079e63fb11cbd3c536b96c74801d2c291ef2e16ca8a13bef6d43585bfe55dc7bf

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## Rails 7.0.4.2 (January 24, 2023) ##
+*   Fix `domain: :all` for two letter TLD
+    This fixes a compatibility issue introduced in our previous security
+    release when using `domain: :all` with a two letter but single level top
+    level domain domain (like `.ca`, rather than `.co.uk`).
 ## Rails 7.0.4.1 (January 17, 2023) ##
 *   Fix sec issue with _url_host_allowed?

data/lib/action_dispatch/middleware/cookies.rb CHANGED Viewed

@@ -461,8 +461,8 @@ module ActionDispatch
             # Case where tld_length is not provided
             else
               # Regular TLDs
-              if !(/([^.]{2,3}\.[^.]{2})$/.match?(request.host))
-                cookie_domain = dot_splitted_host.last(2).join('.')
+              if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
+                cookie_domain = dot_splitted_host.last(2).join(".")
               # **.**, ***.** style TLDs like co.uk and com.au
               else
                 cookie_domain = dot_splitted_host.last(3).join('.')

data/lib/action_pack/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActionPack
     MAJOR = 7
     MINOR = 0
     TINY  = 4
-    PRE   = "1"
+    PRE   = "2"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 7.0.4.1
+  version: 7.0.4.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-17 00:00:00.000000000 Z
+date: 2023-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.1
+        version: 7.0.4.2
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -310,10 +310,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.4.1/actionpack/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.4.1/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.4.2/actionpack/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.4.2/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.4.1/actionpack
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.4.2/actionpack
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []