actionpack 7.1.4 → 7.1.4.1
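--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6d6c0075e31a2470da87034e8352742903c176696808a902d17a33b8db79c0cd
+data.tar.gz: a6c9e27f6650d1356b68de05dd835f7aa663d131410d188034d25c5f745f3a5e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e26080c351f2d9d2218a77a7a4583473eb6ecbec52f8eb5fd2879393f4037459acfaed714c0db8ead7905aa8234b48480d1ab313eb281eda1e9a7c8bb5f2cefe
+data.tar.gz: bd2fa076443257da863689d42f1ca5e076a91282f374c8389452ec8604fe5e528830cdb5cd7763c79bd4194e1c3345221f2a409e80ae24dc625bba4d08a2d0d1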
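--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 7.1.4.1 (October 15, 2024) ##
+
+* Avoid regex backtracking in HTTP Token authentication
+
+[CVE-2024-47887]
+
+* Avoid regex backtracking in query parameter filtering
+
+[CVE-2024-41128]
+
 ## Rails 7.1.4 (August 22, 2024) ##
 
 * Resolve deprecation warning in latest `selenium-webdriver`.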
@@ -507,14 +507,11 @@ module ActionController
|
|
507
507
|
array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" }
|
508
508
|
end
|
509
509
|
|
510
|
-
WHITESPACED_AUTHN_PAIR_DELIMITERS = /\s*#{AUTHN_PAIR_DELIMITERS}\s*/
|
511
|
-
private_constant :WHITESPACED_AUTHN_PAIR_DELIMITERS
|
512
|
-
|
513
510
|
# This method takes an authorization body and splits up the key-value
|
514
511
|
# pairs by the standardized <tt>:</tt>, <tt>;</tt>, or <tt>\t</tt>
|
515
512
|
# delimiters defined in +AUTHN_PAIR_DELIMITERS+.
|
516
513
|
def raw_params(auth)
|
517
|
-
_raw_params = auth.sub(TOKEN_REGEX, "").split(
|
514
|
+
_raw_params = auth.sub(TOKEN_REGEX, "").split(AUTHN_PAIR_DELIMITERS).map(&:strip)
|
518
515
|
_raw_params.reject!(&:empty?)
|
519
516
|
|
520
517
|
if !_raw_params.first&.start_with?(TOKEN_KEY)
|
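Review bot: The comment above `raw_params` still describes only the delimiter split and says nothing about the trimming that `.map(&:strip)` now performs, or why the two steps are kept apart. The removed `WHITESPACED_AUTHN_PAIR_DELIMITERS` wrapped the delimiter in `\s*` on both sides, and this release's changelog cites regex backtracking in HTTP Token authentication, so I would add `# Split on the bare delimiter and strip each piece afterwards; do not fold \s* back into the split pattern (backtracking, see CHANGELOG).` above the changed line. `String#strip` also trims the outer ends of the first and last pair, and as far as I know it treats NUL as whitespace where `\s` did not, so a test pinning those cases would help. The body of `raw_params` continues past the end of the hunk.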
@@ -64,12 +64,17 @@ module ActionDispatch
|
|
64
64
|
ActiveSupport::ParameterFilter.new(filters)
|
65
65
|
end
|
66
66
|
|
67
|
-
KV_RE = "[^&;=]+"
|
68
|
-
PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
|
69
67
|
def filtered_query_string # :doc:
|
70
|
-
query_string.
|
71
|
-
|
68
|
+
parts = query_string.split(/([&;])/)
|
69
|
+
filtered_parts = parts.map do |part|
|
70
|
+
if part.include?("=")
|
71
|
+
key, value = part.split("=", 2)
|
72
|
+
parameter_filter.filter(key => value).first.join("=")
|
73
|
+
else
|
74
|
+
part
|
75
|
+
end
|
72
76
|
end
|
77
|
+
filtered_parts.join("")
|
73
78
|
end
|
74
79
|
end
|
75
80
|
end
|
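Review bot: `part.include?("=")` followed by `split("=", 2)` sends pairs to the filter that the removed `PAIR_RE` (`[^&;=]+` on both sides) never matched: a part such as `token=` now yields an empty value, and `a=b=c` yields the value `b=c`. That errs towards more redaction, which seems the safer direction, but the changelog entry does not mention the behaviour change. I would document it on the method, e.g. `# Every part containing "=" is filtered, including empty values and values that contain "=".`, and pin both cases with tests. The key reaches `parameter_filter` exactly as written in the query string; if `query_string` is still percent-encoded at this point (not visible here), an encoded key would not match a plain-text filter name, which is worth confirming.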
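--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.4
+version: 7.1.4.1
 description: Web apps on Rails. Simple, battle-tested conventions for building and
 testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -346,12 +346,12 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails/issues
-changelog_uri: https://github.com/rails/rails/blob/v7.1.4/actionpack/CHANGELOG.md
-documentation_uri: https://api.rubyonrails.org/v7.1.4/
+changelog_uri: https://github.com/rails/rails/blob/v7.1.4.1/actionpack/CHANGELOG.md
+documentation_uri: https://api.rubyonrails.org/v7.1.4.1/
 mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-source_code_uri: https://github.com/rails/rails/tree/v7.1.4/actionpack
+source_code_uri: https://github.com/rails/rails/tree/v7.1.4.1/actionpack
 rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -367,8 +367,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - none
-rubygems_version: 3.5.
-signing_key:
+rubygems_version: 3.5.16
+signing_key:
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []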