activejob 4.2.10 → 4.2.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +12 -0
  3. data/lib/active_job/arguments.rb +1 -1
  4. data/lib/active_job/gem_version.rb +1 -1
  5. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 623b3bd3895d7f3f70568a7e1f2a61ba2d7883a6
4
- data.tar.gz: 15bd2c1a17f10e4fea263c3a58d7e9670f59bec6
2
+ SHA256:
3
+ metadata.gz: 822da5dc12be1d9f50854c0ec0a7361e14b9fa71baf4000daaafb6b412693778
4
+ data.tar.gz: 3cb37820ba4460c6d1919fe46bc299d593b668227a315ca898ad1b031b3c5cb6
5
5
  SHA512:
6
- metadata.gz: 2a8cf36da9c3522b6f3e5f58d7b44f5f02fc0135db4c07eaa7c17c79ff2a04637cdc1a7f2841a781a46e6e310ecb5f56d25358f21c0605b50ca9150ab377ca3d
7
- data.tar.gz: c21094c675f7af3bae0c8bffeb03395be522aca823997e7c4d2c907f5f38877957ce394611ed130675ea5a937dadc6ffacea4797ed19224d3b421c7bef8e0fc5
6
+ metadata.gz: 62e9a193a84e7265712596f7ec8498cf86b8fbac8693e220f7e461b07fe686999ad40027e266246e80663fc6570e8ce112108a71c4bc44955766566aaa21e3fa
7
+ data.tar.gz: 4db8caca5f3f4db30aeaff28cdc61cbf4cd748a81c1d79317a56cbd7370f4d697ae9a6ab81eae94e7c176d5bec41a7efe8f82aac03a2050088e1e85b18c93170
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ ## Rails 4.2.11 (November 27, 2018) ##
2
+
3
+ * Do not deserialize GlobalID objects that were not generated by Active Job.
4
+
5
+ Trusting any GlobaID object when deserializing jobs can allow attackers to access
6
+ information that should not be accessible to them.
7
+
8
+ Fix CVE-2018-16476.
9
+
10
+ *Rafael Mendonça França*
11
+
12
+
1
13
  ## Rails 4.2.10 (September 27, 2017) ##
2
14
 
3
15
  * No changes.
data/lib/active_job/arguments.rb CHANGED
@@ -75,7 +75,7 @@ module ActiveJob
75
75
  def deserialize_argument(argument)
76
76
  case argument
77
77
  when String
78
- GlobalID::Locator.locate(argument) || argument
78
+ argument
79
79
  when *TYPE_WHITELIST
80
80
  argument
81
81
  when Array
data/lib/active_job/gem_version.rb CHANGED
@@ -7,7 +7,7 @@ module ActiveJob
7
7
  module VERSION
8
8
  MAJOR = 4
9
9
  MINOR = 2
10
- TINY = 10
10
+ TINY = 11
11
11
  PRE = nil
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activejob
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.10
4
+ version: 4.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-09-27 00:00:00.000000000 Z
11
+ date: 2018-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.2.10
19
+ version: 4.2.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.2.10
26
+ version: 4.2.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: globalid
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -98,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
98
98
  version: '0'
99
99
  requirements: []
100
100
  rubyforge_project:
101
- rubygems_version: 2.5.2
101
+ rubygems_version: 2.7.6
102
102
  signing_key:
103
103
  specification_version: 4
104
104
  summary: Job framework with pluggable queues.