activejob 5.0.7 → 5.0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +12 -0
  3. data/lib/active_job/arguments.rb +1 -1
  4. data/lib/active_job/gem_version.rb +1 -1
  5. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 6eda3fc958200f0294633f6f2d0e35e91309b76c
4
- data.tar.gz: f762f832ffa3c722cb89f40ffb2c235495aca4aa
2
+ SHA256:
3
+ metadata.gz: 3d8f7bf7eeff920b3b7bae1b2c05564131f54652055cecbe76015830e9eae05b
4
+ data.tar.gz: e2b570bc075f42b95d13d160bb1605e07abd9699472ce2d8364f33d8f7a78c6a
5
5
  SHA512:
6
- metadata.gz: 2742d7389c5a1b531c20eba54fc55ca35153b74ad83109650329ee3227d1083109bbd373ebcfaec4c59d0fd5c696cc3dc37dfd92034ff5e36210754f6d53d712
7
- data.tar.gz: 6f220a6cf909f76da1f774789b6a27cbad1f1d85465af497484c7c0d1b4a3a14be7c5b87ca4f07ad4889393be7ef711518416d046ace0dfaaa58839afa824ff6
6
+ metadata.gz: 55468e17f85b3f9e05cb6b1854a664db60d2603a97a7fa733bde42b70c90930db3dc6c9b15db87d3264e55a4db46444bdbbdd46ec7d851223724407b625dcf05
7
+ data.tar.gz: a7a435f3e784e66c5b58a25882a62cc8651f72c7bdb4a3d680e8939257196087e5ff9e8697fb31d30fad9772a42e1d25a4b2c4eb7ff810b8169bc8fbe37a7d80
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ ## Rails 5.0.7.1 (November 27, 2018) ##
2
+
3
+ * Do not deserialize GlobalID objects that were not generated by Active Job.
4
+
5
+ Trusting any GlobaID object when deserializing jobs can allow attackers to access
6
+ information that should not be accessible to them.
7
+
8
+ Fix CVE-2018-16476.
9
+
10
+ *Rafael Mendonça França*
11
+
12
+
1
13
  ## Rails 5.0.7 (March 29, 2018) ##
2
14
 
3
15
  * No changes.
data/lib/active_job/arguments.rb CHANGED
@@ -87,7 +87,7 @@ module ActiveJob
87
87
  def deserialize_argument(argument)
88
88
  case argument
89
89
  when String
90
- GlobalID::Locator.locate(argument) || argument
90
+ argument
91
91
  when *TYPE_WHITELIST
92
92
  argument
93
93
  when Array
data/lib/active_job/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module ActiveJob
8
8
  MAJOR = 5
9
9
  MINOR = 0
10
10
  TINY = 7
11
- PRE = nil
11
+ PRE = "1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activejob
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.7
4
+ version: 5.0.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-29 00:00:00.000000000 Z
11
+ date: 2018-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 5.0.7
19
+ version: 5.0.7.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 5.0.7
26
+ version: 5.0.7.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: globalid
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
101
101
  version: '0'
102
102
  requirements: []
103
103
  rubyforge_project:
104
- rubygems_version: 2.6.14
104
+ rubygems_version: 2.7.6
105
105
  signing_key:
106
106
  specification_version: 4
107
107
  summary: Job framework with pluggable queues.