actionpack 7.1.3.3 → 7.1.3.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/action_dispatch/http/permissions_policy.rb +0 -7
  4. data/lib/action_pack/gem_version.rb +1 -1
  5. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ba5549198fbf67f231ab2d5bb26259dd9ffd0e734bb783743cc2839093f54ad4
4
- data.tar.gz: 3de8f9fd3bb2e2a0be3bf1b0db1cdba86a3c0adb6fad2b340b914cafbd2ab6e0
3
+ metadata.gz: b8322f0e0b03702b4d77eacd0f77ddc0d0578389b0f9ae056338c97ce3239aa8
4
+ data.tar.gz: 04614dea6d1bab93cb2a21289272b0ee1a2705355ad260ea9be1a8c069f3c92a
5
5
  SHA512:
6
- metadata.gz: 86367d24a62fa2c7e4563904f238d5f54f7c71947686c033db9becb601b4b3a4945aa0cb24a7473bd2de6cc5a9ddd608d943da84e9a0b910b3388ee34424dcff
7
- data.tar.gz: 18418fd972cba25a43953ff3219d7d42e07ccfcfcd5f8d4c991c160882c0527dc090de72de47428bf877e9193953642f3291dcc89421653d88f880647815c8c2
6
+ metadata.gz: a36e9f99ced3f948578e34fc8f32fc1699e39c465374b875c4c987bbc27155bd1f57cb21a6cb92745125cb0bd0c0200ee0e8f2c5942cb008b302a054d1d65fc3
7
+ data.tar.gz: ed0ce501cbff0a1c315a583b369401d47b7cb2e36300d4a0470cad9366df85cf5dc449e5ef3472170dea52e7837e16d80d2b1ab80189a4818f3f28bdcf85233c
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ ## Rails 7.1.3.4 (June 04, 2024) ##
2
+
3
+ * Include the HTTP Permissions-Policy on non-HTML Content-Types
4
+ [CVE-2024-28103]
5
+
6
+
1
7
  ## Rails 7.1.3.3 (May 16, 2024) ##
2
8
 
3
9
  * No changes.
data/lib/action_dispatch/http/permissions_policy.rb CHANGED
@@ -35,7 +35,6 @@ module ActionDispatch # :nodoc:
35
35
  def call(env)
36
36
  _, headers, _ = response = @app.call(env)
37
37
 
38
- return response unless html_response?(headers)
39
38
  return response if policy_present?(headers)
40
39
 
41
40
  request = ActionDispatch::Request.new(env)
@@ -52,12 +51,6 @@ module ActionDispatch # :nodoc:
52
51
  end
53
52
 
54
53
  private
55
- def html_response?(headers)
56
- if content_type = headers[Rack::CONTENT_TYPE]
57
- content_type.include?("html")
58
- end
59
- end
60
-
61
54
  def policy_present?(headers)
62
55
  headers[ActionDispatch::Constants::FEATURE_POLICY]
63
56
  end
data/lib/action_pack/gem_version.rb CHANGED
@@ -10,7 +10,7 @@ module ActionPack
10
10
  MAJOR = 7
11
11
  MINOR = 1
12
12
  TINY = 3
13
- PRE = "3"
13
+ PRE = "4"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.1.3.3
4
+ version: 7.1.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-05-16 00:00:00.000000000 Z
11
+ date: 2024-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.1.3.3
19
+ version: 7.1.3.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.1.3.3
26
+ version: 7.1.3.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 7.1.3.3
131
+ version: 7.1.3.4
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: 7.1.3.3
138
+ version: 7.1.3.4
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: activemodel
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 7.1.3.3
145
+ version: 7.1.3.4
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 7.1.3.3
152
+ version: 7.1.3.4
153
153
  description: Web apps on Rails. Simple, battle-tested conventions for building and
154
154
  testing MVC web applications. Works with any Rack-compatible server.
155
155
  email: david@loudthinking.com
@@ -346,10 +346,10 @@ licenses:
346
346
  - MIT
347
347
  metadata:
348
348
  bug_tracker_uri: https://github.com/rails/rails/issues
349
- changelog_uri: https://github.com/rails/rails/blob/v7.1.3.3/actionpack/CHANGELOG.md
350
- documentation_uri: https://api.rubyonrails.org/v7.1.3.3/
349
+ changelog_uri: https://github.com/rails/rails/blob/v7.1.3.4/actionpack/CHANGELOG.md
350
+ documentation_uri: https://api.rubyonrails.org/v7.1.3.4/
351
351
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
352
- source_code_uri: https://github.com/rails/rails/tree/v7.1.3.3/actionpack
352
+ source_code_uri: https://github.com/rails/rails/tree/v7.1.3.4/actionpack
353
353
  rubygems_mfa_required: 'true'
354
354
  post_install_message:
355
355
  rdoc_options: []
@@ -367,7 +367,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
367
367
  version: '0'
368
368
  requirements:
369
369
  - none
370
- rubygems_version: 3.5.10
370
+ rubygems_version: 3.3.27
371
371
  signing_key:
372
372
  specification_version: 4
373
373
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).