activerecord 5.2.4.1 → 5.2.4.6
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -0
- data/lib/active_record/connection_adapters/postgresql/oid/money.rb +2 -2
- data/lib/active_record/gem_version.rb +1 -1
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f2708d8e7ee1c637b5f275dc9de0356b46de6c73dd7e8b8ccb200807b3b9a83c
|
|
4
|
+
data.tar.gz: be9dfcbd95f6c5f985b2efca5c1ac6696b93ee784b82a66f891f462bae17bd17
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ac41d6c4f9de03c04d2900115ddb4dfd2c0792e6b1a238f660e9dcf2cab57ffe0d06067484c9a7ce68cdf29e3619362c115951b9adbe680cfbbfd38d07fd6984
|
|
7
|
+
data.tar.gz: f4dba80f2ea62365003d717541e14ad0f6097798314fe927e8be0e0f806ca2567b53b85a73338890d4b607ee739b631e3db5b259ea8998af779b9ca5c90b505f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,33 @@
|
|
|
1
|
+
## Rails 5.2.4.6 (May 05, 2021) ##
|
|
2
|
+
|
|
3
|
+
* No changes.
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
## Rails 5.2.4.5 (February 10, 2021) ##
|
|
7
|
+
|
|
8
|
+
* Fix possible DoS vector in PostgreSQL money type
|
|
9
|
+
|
|
10
|
+
Carefully crafted input can cause a DoS via the regular expressions used
|
|
11
|
+
for validating the money format in the PostgreSQL adapter. This patch
|
|
12
|
+
fixes the regexp.
|
|
13
|
+
|
|
14
|
+
Thanks to @dee-see from Hackerone for this patch!
|
|
15
|
+
|
|
16
|
+
[CVE-2021-22880]
|
|
17
|
+
|
|
18
|
+
*Aaron Patterson*
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
## Rails 5.2.4.4 (September 09, 2020) ##
|
|
22
|
+
|
|
23
|
+
* No changes.
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
## Rails 5.2.4.3 (May 18, 2020) ##
|
|
27
|
+
|
|
28
|
+
* No changes.
|
|
29
|
+
|
|
30
|
+
|
|
1
31
|
## Rails 5.2.4.1 (December 18, 2019) ##
|
|
2
32
|
|
|
3
33
|
* No changes.
|
|
@@ -26,9 +26,9 @@ module ActiveRecord
|
|
|
26
26
|
|
|
27
27
|
value = value.sub(/^\((.+)\)$/, '-\1') # (4)
|
|
28
28
|
case value
|
|
29
|
-
when /^-?\D
|
|
29
|
+
when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
|
|
30
30
|
value.gsub!(/[^-\d.]/, "")
|
|
31
|
-
when /^-?\D
|
|
31
|
+
when /^-?\D*+[\d.]+,\d{2}$/ # (2)
|
|
32
32
|
value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
|
|
33
33
|
end
|
|
34
34
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.2.4.
|
|
4
|
+
version: 5.2.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-05-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 5.2.4.
|
|
19
|
+
version: 5.2.4.6
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 5.2.4.
|
|
26
|
+
version: 5.2.4.6
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activemodel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 5.2.4.
|
|
33
|
+
version: 5.2.4.6
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 5.2.4.
|
|
40
|
+
version: 5.2.4.6
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: arel
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -307,9 +307,9 @@ homepage: http://rubyonrails.org
|
|
|
307
307
|
licenses:
|
|
308
308
|
- MIT
|
|
309
309
|
metadata:
|
|
310
|
-
source_code_uri: https://github.com/rails/rails/tree/v5.2.4.
|
|
311
|
-
changelog_uri: https://github.com/rails/rails/blob/v5.2.4.
|
|
312
|
-
post_install_message:
|
|
310
|
+
source_code_uri: https://github.com/rails/rails/tree/v5.2.4.6/activerecord
|
|
311
|
+
changelog_uri: https://github.com/rails/rails/blob/v5.2.4.6/activerecord/CHANGELOG.md
|
|
312
|
+
post_install_message:
|
|
313
313
|
rdoc_options:
|
|
314
314
|
- "--main"
|
|
315
315
|
- README.rdoc
|
|
@@ -326,8 +326,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
326
326
|
- !ruby/object:Gem::Version
|
|
327
327
|
version: '0'
|
|
328
328
|
requirements: []
|
|
329
|
-
rubygems_version: 3.
|
|
330
|
-
signing_key:
|
|
329
|
+
rubygems_version: 3.1.2
|
|
330
|
+
signing_key:
|
|
331
331
|
specification_version: 4
|
|
332
332
|
summary: Object-relational mapper framework (part of Rails).
|
|
333
333
|
test_files: []
|