activejob 5.2.1 → 5.2.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/lib/active_job/arguments.rb +1 -1
  4. data/lib/active_job/gem_version.rb +1 -1
  5. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 491847c8e70544d210bec1944214bcb5dae08ac7b6c0aeee4e332183ac308188
4
- data.tar.gz: f6bd71b945dd95c8b9db643d9aef47d95c196a65e55ec397163051296fadd95f
3
+ metadata.gz: 3dc514bd9f97da2bbe477eee38eb5bb3b21df663baba450c0a08df2e6ced0a2b
4
+ data.tar.gz: d1ec4911647ab5d83071cad3af50bb4b70d2427498eba2944ad3b0598118006c
5
5
  SHA512:
6
- metadata.gz: d04b39b1da5f24fb83d66136ee6216557ed2278a68ab82ffa16a7ec77f2dc69779c544b50676af4b6b3581e08f51051fd9475bf3b763c721ba4295b97986f5b0
7
- data.tar.gz: 1deb3fbf8579d74ac2b624fe4c28675220e5af765a8fe14a93afdc57ba71135d164adaf76b51528e9c55c62e6f9452375b48f7f87700fdc9943d9a2bdec83acf
6
+ metadata.gz: e376b5e32ccbd0b183b7f43c7103326bdb0ebdf32e83ea9e4b170df9b6f6fd0c6b51a98a56fb3a02c45df0a0e84f5e43da3d4b8b158d13c1d35a66cfa92b147a
7
+ data.tar.gz: 027a340eca2bed0400ac5c785d0bc89b7b07cd91fdb564032a34037f617c845548fc1671ab6388adbaf9aa061e0642ad7814cfbb3f01f5f295c7fb3dcc248cc8
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ ## Rails 5.2.1.1 (November 27, 2018) ##
2
+
3
+ * Do not deserialize GlobalID objects that were not generated by Active Job.
4
+
5
+ Trusting any GlobaID object when deserializing jobs can allow attackers to access
6
+ information that should not be accessible to them.
7
+
8
+ Fix CVE-2018-16476.
9
+
10
+ *Rafael Mendonça França*
11
+
12
+
1
13
  ## Rails 5.2.1 (August 07, 2018) ##
2
14
 
3
15
  * Pass the error instance as the second parameter of block executed by `discard_on`.
data/lib/active_job/arguments.rb CHANGED
@@ -77,7 +77,7 @@ module ActiveJob
77
77
  def deserialize_argument(argument)
78
78
  case argument
79
79
  when String
80
- GlobalID::Locator.locate(argument) || argument
80
+ argument
81
81
  when *TYPE_WHITELIST
82
82
  argument
83
83
  when Array
data/lib/active_job/gem_version.rb CHANGED
@@ -10,7 +10,7 @@ module ActiveJob
10
10
  MAJOR = 5
11
11
  MINOR = 2
12
12
  TINY = 1
13
- PRE = nil
13
+ PRE = "1"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activejob
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.1
4
+ version: 5.2.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-08-07 00:00:00.000000000 Z
11
+ date: 2018-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 5.2.1
19
+ version: 5.2.1.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 5.2.1
26
+ version: 5.2.1.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: globalid
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,8 +86,8 @@ homepage: http://rubyonrails.org
86
86
  licenses:
87
87
  - MIT
88
88
  metadata:
89
- source_code_uri: https://github.com/rails/rails/tree/v5.2.1/activejob
90
- changelog_uri: https://github.com/rails/rails/blob/v5.2.1/activejob/CHANGELOG.md
89
+ source_code_uri: https://github.com/rails/rails/tree/v5.2.1.1/activejob
90
+ changelog_uri: https://github.com/rails/rails/blob/v5.2.1.1/activejob/CHANGELOG.md
91
91
  post_install_message:
92
92
  rdoc_options: []
93
93
  require_paths: