actionpack 7.1.3 → 7.1.3.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/abstract_controller/translation.rb +7 -0
- data/lib/action_dispatch/http/mime_type.rb +2 -2
- data/lib/action_pack/gem_version.rb +1 -1
- metadata +12 -12
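--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4292c39dbe982f29c089fbad81538386ac6b1b4dd79f344e3c1ff7374d4e59f3
+data.tar.gz: 89469955ba1aaa7c39380024f91094fe396b90171b5ad8a97600954473661a90
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ce33132f475091c9ebd244ef0c84761af9d5b9eedf89069be5ae47d1164277608f29845f8240a002fb8b7f24b70548948a82f390b786f1161d14a55084f6e41
+data.tar.gz: 897ca28b4db398d969fa25b5d7a9dc75667eb73c0a94c993732a84b2ddbdaffa0fe12cfa3eab5f8094022d057f2cfb19b3d83716103924c29a5ddc14f9f7f923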
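--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,18 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+* Fix `raise_on_missing_translations` not working correctly with the
+`translate` method in controllers after the patch for CVE-2024-26143.
+
+## Rails 7.1.3.1 (February 21, 2024) ##
+
+* Fix possible XSS vulnerability with the `translate` method in controllers
+
+CVE-2024-26143
+
+* Fix ReDoS in Accept header parsing
+
+CVE-2024-26142
+
 ## Rails 7.1.3 (January 16, 2024) ##
 
 * Fix including `Rails.application.routes.url_helpers` directly in an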
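--- a/data/lib/abstract_controller/translation.rb
+++ b/data/lib/abstract_controller/translation.rb
@@ -21,6 +21,13 @@ module AbstractController
 key = "#{path}.#{action_name}#{key}"
 end
 
+if options[:default]
+options[:default] = [options[:default]] unless options[:default].is_a?(Array)
+options[:default] = options[:default].map do |value|
+value.is_a?(String) ? ERB::Util.html_escape(value) : value
+end
+end
+
 ActiveSupport::HtmlSafeTranslation.translate(key, **options)
 end
 alias :t :translate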
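Review bot: The new `if options[:default]` block escapes String defaults for every key, although (as far as I can tell from ActiveSupport) only keys ending in `_html` or `.html` come back from `ActiveSupport::HtmlSafeTranslation.translate` marked html_safe; a default for a plain key would then be escaped here and again by the view, or reach JSON and flash output entity-encoded. Narrowing the guard to `if options[:default] && ActiveSupport::HtmlSafeTranslation.html_safe_translation_key?(key)` keeps the XSS fix where it matters. Non-String defaults are passed through untouched, so a Proc default that returns request-derived text is presumably still unescaped; a comment such as `# Defaults may carry request data; escape them before they can be marked html_safe (CVE-2024-26143)` would record that intent and its limit. The `translate` method starts above the hunk, so how `options` is built is not visible here.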
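--- a/data/lib/action_dispatch/http/mime_type.rb
+++ b/data/lib/action_dispatch/http/mime_type.rb
@@ -154,7 +154,7 @@ module Mime
 TRAILING_STAR_REGEXP = /^(text|application)\/\*/
 # all media-type parameters need to be before the q-parameter
 # https://www.rfc-editor.org/rfc/rfc7231#section-5.3.2
-PARAMETER_SEPARATOR_REGEXP =
+PARAMETER_SEPARATOR_REGEXP = /;\s*q="?/
 ACCEPT_HEADER_REGEXP = /[^,\s"](?:[^,"]|"[^"]*")*/
 
 def register_callback(&block)
@@ -193,7 +193,7 @@ module Mime
 def parse(accept_header)
 if !accept_header.include?(",")
 if (index = accept_header.index(PARAMETER_SEPARATOR_REGEXP))
-accept_header = accept_header[0, index]
+accept_header = accept_header[0, index].strip
 end
 return [] if accept_header.blank?
 parse_trailing_star(accept_header) || Array(Mime::Type.lookup(accept_header))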
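Review bot: `PARAMETER_SEPARATOR_REGEXP = /;\s*q="?/` has no comment explaining why whitespace before the `;` is deliberately not matched, so a later cleanup could restore a leading `\s*` and bring back the backtracking the changelog lists as CVE-2024-26142 (the removed pattern is cut off on this page, so the old form is inferred). I would add above it `# No leading \s*: an unanchored whitespace prefix made index/split backtrack badly on long inputs; callers strip instead.` The `.strip` added in `parse` covers only the branch without a comma; the comma branch lies outside the hunk, so confirm that the text before the separator is trimmed there as well. A regression test that bounds the running time of `parse` on a long header would pin the fix.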
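--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.3
+version: 7.1.3.2
 description: Web apps on Rails. Simple, battle-tested conventions for building and
 testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -346,10 +346,10 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails/issues
-changelog_uri: https://github.com/rails/rails/blob/v7.1.3/actionpack/CHANGELOG.md
-documentation_uri: https://api.rubyonrails.org/v7.1.3/
+changelog_uri: https://github.com/rails/rails/blob/v7.1.3.2/actionpack/CHANGELOG.md
+documentation_uri: https://api.rubyonrails.org/v7.1.3.2/
 mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-source_code_uri: https://github.com/rails/rails/tree/v7.1.3/actionpack
+source_code_uri: https://github.com/rails/rails/tree/v7.1.3.2/actionpack
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -367,7 +367,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - none
-rubygems_version: 3.
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).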