activejob 5.0.7 → 5.0.7.1

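--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 6eda3fc958200f0294633f6f2d0e35e91309b76c
- data.tar.gz: f762f832ffa3c722cb89f40ffb2c235495aca4aa
+ SHA256:
+ metadata.gz: 3d8f7bf7eeff920b3b7bae1b2c05564131f54652055cecbe76015830e9eae05b
+ data.tar.gz: e2b570bc075f42b95d13d160bb1605e07abd9699472ce2d8364f33d8f7a78c6a
  SHA512:
- metadata.gz: 2742d7389c5a1b531c20eba54fc55ca35153b74ad83109650329ee3227d1083109bbd373ebcfaec4c59d0fd5c696cc3dc37dfd92034ff5e36210754f6d53d712
- data.tar.gz: 6f220a6cf909f76da1f774789b6a27cbad1f1d85465af497484c7c0d1b4a3a14be7c5b87ca4f07ad4889393be7ef711518416d046ace0dfaaa58839afa824ff6
+ metadata.gz: 55468e17f85b3f9e05cb6b1854a664db60d2603a97a7fa733bde42b70c90930db3dc6c9b15db87d3264e55a4db46444bdbbdd46ec7d851223724407b625dcf05
+ data.tar.gz: a7a435f3e784e66c5b58a25882a62cc8651f72c7bdb4a3d680e8939257196087e5ff9e8697fb31d30fad9772a42e1d25a4b2c4eb7ff810b8169bc8fbe37a7d80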
@@ -1,3 +1,15 @@
1
+ ## Rails 5.0.7.1 (November 27, 2018) ##
2
+
3
+ * Do not deserialize GlobalID objects that were not generated by Active Job.
4
+
5
+ Trusting any GlobaID object when deserializing jobs can allow attackers to access
6
+ information that should not be accessible to them.
7
+
8
+ Fix CVE-2018-16476.
9
+
10
+ *Rafael Mendonça França*
11
+
12
+
1
13
  ## Rails 5.0.7 (March 29, 2018) ##
2
14
 
3
15
  * No changes.
@@ -87,7 +87,7 @@ module ActiveJob
87
87
  def deserialize_argument(argument)
88
88
  case argument
89
89
  when String
90
- GlobalID::Locator.locate(argument) || argument
90
+ argument
91
91
  when *TYPE_WHITELIST
92
92
  argument
93
93
  when Array
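Review bot: The `when String` branch of `deserialize_argument` now returns the string as-is, but nothing at that line records that this is a deliberate security boundary, so a later refactor could restore the `GlobalID::Locator.locate` call removed here. I would add a comment above `argument`, e.g. `# Never locate plain strings: only GlobalIDs generated by Active Job are trusted (CVE-2018-16476).`, and a regression test asserting that a GlobalID-formatted string argument deserializes to the same String. Jobs already sitting in a queue that relied on the old string lookup would presumably now receive a String instead of a record, which is worth calling out in the upgrade notes. The method body continues beyond this hunk, so the other branches are not reviewed here.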
@@ -8,7 +8,7 @@ module ActiveJob
8
8
  MAJOR = 5
9
9
  MINOR = 0
10
10
  TINY = 7
11
- PRE = nil
11
+ PRE = "1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
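--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activejob
  version: !ruby/object:Gem::Version
- version: 5.0.7
+ version: 5.0.7.1
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-03-29 00:00:00.000000000 Z
+ date: 2018-11-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.0.7
+ version: 5.0.7.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.0.7
+ version: 5.0.7.1
  - !ruby/object:Gem::Dependency
  name: globalid
  requirement: !ruby/object:Gem::Requirement
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.14
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: Job framework with pluggable queues.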