RubyGems - actionpack - Versions diffs - 3.1.6 → 3.1.7 - Mend

actionpack 3.1.6 → 3.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (4) hide show

data/CHANGELOG.md +4 -0
data/lib/action_controller/metal/http_authentication.rb +2 -2
data/lib/action_pack/version.rb +1 -1
metadata +148 -165

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+* Do not convert digest auth strings to symbols. CVE-2012-3424
 ## Rails 3.1.6 (Jun 12, 2012)
 *   nil is removed from array parameter values

data/lib/action_controller/metal/http_authentication.rb CHANGED Viewed

@@ -227,9 +227,9 @@ module ActionController
       end
       def decode_credentials(header)
-        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+        HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
         end]
       end

data/lib/action_pack/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 1
-    TINY  = 6
+    TINY  = 7
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata CHANGED Viewed

@@ -1,205 +1,199 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: actionpack
-version: !ruby/object:Gem::Version
-  hash: 15
+version: !ruby/object:Gem::Version
+  version: 3.1.7
   prerelease:
-  segments:
-  - 3
-  - 1
-  - 6
-  version: 3.1.6
 platform: ruby
-authors:
+authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-12 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-07-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 3
-        - 1
-        - 6
-        version: 3.1.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: activemodel
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 3
-        - 1
-        - 6
-        version: 3.1.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rack-cache
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: rack-cache
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 11
-        segments:
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency
-  name: builder
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 7
-        segments:
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency
-  name: i18n
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 7
-        segments:
-        - 0
-        - 6
-        version: "0.6"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.6'
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency
-  name: rack
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 23
-        segments:
-        - 1
-        - 3
-        - 6
+      - !ruby/object:Gem::Version
         version: 1.3.6
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency
-  name: rack-test
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 5
-        segments:
-        - 0
-        - 6
-        - 1
+      - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency
-  name: rack-mount
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+- !ruby/object:Gem::Dependency
+  name: rack-mount
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 59
-        segments:
-        - 0
-        - 8
-        - 2
+      - !ruby/object:Gem::Version
         version: 0.8.2
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency
-  name: sprockets
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 7
-        segments:
-        - 2
-        - 0
-        - 4
+      - !ruby/object:Gem::Version
+        version: 0.8.2
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 2.0.4
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency
-  name: erubis
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.4
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 19
-        segments:
-        - 2
-        - 7
-        - 0
+      - !ruby/object:Gem::Version
         version: 2.7.0
   type: :runtime
-  version_requirements: *id010
-- !ruby/object:Gem::Dependency
-  name: tzinfo
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+- !ruby/object:Gem::Dependency
+  name: tzinfo
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 41
-        segments:
-        - 0
-        - 3
-        - 29
+      - !ruby/object:Gem::Version
         version: 0.3.29
   type: :development
-  version_requirements: *id011
-description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.29
+description: Web apps on Rails. Simple, battle-tested conventions for building and
+  testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - CHANGELOG.md
 - README.rdoc
 - MIT-LICENSE
@@ -390,38 +384,27 @@ files:
 - lib/sprockets/static_compiler.rb
 homepage: http://www.rubyonrails.org
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 57
-      segments:
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-requirements:
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
 - none
 rubyforge_project:
-rubygems_version: 1.8.22
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []