activejob 5.1.6 → 5.1.6.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: f0ad3ea7f86deb80ca71316b26ed4c59e09bdaf2
4
- data.tar.gz: c406e7d29b9eacadfa12b50d8ff8b225f0280303
2
+ SHA256:
3
+ metadata.gz: 1df60cdfd3f090f37dded287be3e050d70d8e546e43b60de9403384c06d28423
4
+ data.tar.gz: 0564715d236151d88d5dddd0cf0356c948beb285fc735ce7a6329c96329351a0
5
5
  SHA512:
6
- metadata.gz: 1547848f6e4cc9e34b84c7bd02eab647d44b0e54612841248e2adcfebd47806f7194693366ad0053200266d51dd5775e410e80226d712e8b6fcb5a759b05dc37
7
- data.tar.gz: a42f8d3550e129c298308b0906da04a5de6f8e047841cd81fdc3d64ab3b60e4f08c2a7af8df5720b91c4d2c07499440dfc91d60994986c8012a9bf4eb732f59a
6
+ metadata.gz: d28a66625b0b31ca036c991c58e989db929f481276388413fc8cf50d9434f021a44f61e4bb7b22124acf59d2905c368e47b94fedc704b1b4e1533eca55621e65
7
+ data.tar.gz: b1e523281c8c393210d001e978b0fa79e9d77fe5b4b06f4abc2fbe10aad61b1a3be7efa1c04ea1c6f55e25b4f5c86c7b1b712f05ab7a61773ea73b50ba6522f6
@@ -1,3 +1,15 @@
1
+ ## Rails 5.1.6.1 (November 27, 2018) ##
2
+
3
+ * Do not deserialize GlobalID objects that were not generated by Active Job.
4
+
5
+ Trusting any GlobaID object when deserializing jobs can allow attackers to access
6
+ information that should not be accessible to them.
7
+
8
+ Fix CVE-2018-16476.
9
+
10
+ *Rafael Mendonça França*
11
+
12
+
1
13
  ## Rails 5.1.6 (March 29, 2018) ##
2
14
 
3
15
  * No changes.
@@ -75,7 +75,7 @@ module ActiveJob
75
75
  def deserialize_argument(argument)
76
76
  case argument
77
77
  when String
78
- GlobalID::Locator.locate(argument) || argument
78
+ argument
79
79
  when *TYPE_WHITELIST
80
80
  argument
81
81
  when Array
@@ -8,7 +8,7 @@ module ActiveJob
8
8
  MAJOR = 5
9
9
  MINOR = 1
10
10
  TINY = 6
11
- PRE = nil
11
+ PRE = "1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activejob
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.6
4
+ version: 5.1.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-29 00:00:00.000000000 Z
11
+ date: 2018-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 5.1.6
19
+ version: 5.1.6.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 5.1.6
26
+ version: 5.1.6.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: globalid
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,8 +86,8 @@ homepage: http://rubyonrails.org
86
86
  licenses:
87
87
  - MIT
88
88
  metadata:
89
- source_code_uri: https://github.com/rails/rails/tree/v5.1.6/activejob
90
- changelog_uri: https://github.com/rails/rails/blob/v5.1.6/activejob/CHANGELOG.md
89
+ source_code_uri: https://github.com/rails/rails/tree/v5.1.6.1/activejob
90
+ changelog_uri: https://github.com/rails/rails/blob/v5.1.6.1/activejob/CHANGELOG.md
91
91
  post_install_message:
92
92
  rdoc_options: []
93
93
  require_paths:
@@ -104,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
104
104
  version: '0'
105
105
  requirements: []
106
106
  rubyforge_project:
107
- rubygems_version: 2.6.14
107
+ rubygems_version: 2.7.6
108
108
  signing_key:
109
109
  specification_version: 4
110
110
  summary: Job framework with pluggable queues.