activerecord 5.2.4 → 5.2.4.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f7fc834af19132b6ad9d70b3809c7a19ae4e83c133e8332681ccbf6d7fd1f48d
|
4
|
+
data.tar.gz: 6257ed9838f4a3cae375ad8834f849a3178f8c571b09b525b60118f350018920
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac8563d07cd073721ec55daaefa751752efb9d10657cb8900d0416bf072be299001452b7d59f133a09810abf4bd080d8b9a89250e1741c00eff7a65d2f275ec3
|
7
|
+
data.tar.gz: '0868ed81dbdac5476819f3cf7002778b42cbe1683ee73168f48c90743d684616d10b303e2fc222670613d59493051e3eca87beaf09ad28652d81b377a4f81fbc'
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,33 @@
|
|
1
|
+
## Rails 5.2.4.5 (February 10, 2021) ##
|
2
|
+
|
3
|
+
* Fix possible DoS vector in PostgreSQL money type
|
4
|
+
|
5
|
+
Carefully crafted input can cause a DoS via the regular expressions used
|
6
|
+
for validating the money format in the PostgreSQL adapter. This patch
|
7
|
+
fixes the regexp.
|
8
|
+
|
9
|
+
Thanks to @dee-see from Hackerone for this patch!
|
10
|
+
|
11
|
+
[CVE-2021-22880]
|
12
|
+
|
13
|
+
*Aaron Patterson*
|
14
|
+
|
15
|
+
|
16
|
+
## Rails 5.2.4.4 (September 09, 2020) ##
|
17
|
+
|
18
|
+
* No changes.
|
19
|
+
|
20
|
+
|
21
|
+
## Rails 5.2.4.3 (May 18, 2020) ##
|
22
|
+
|
23
|
+
* No changes.
|
24
|
+
|
25
|
+
|
26
|
+
## Rails 5.2.4.1 (December 18, 2019) ##
|
27
|
+
|
28
|
+
* No changes.
|
29
|
+
|
30
|
+
|
1
31
|
## Rails 5.2.4 (November 27, 2019) ##
|
2
32
|
|
3
33
|
* Fix circular `autosave: true` causes invalid records to be saved.
|
@@ -26,9 +26,9 @@ module ActiveRecord
|
|
26
26
|
|
27
27
|
value = value.sub(/^\((.+)\)$/, '-\1') # (4)
|
28
28
|
case value
|
29
|
-
when /^-?\D
|
29
|
+
when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
|
30
30
|
value.gsub!(/[^-\d.]/, "")
|
31
|
-
when /^-?\D
|
31
|
+
when /^-?\D*+[\d.]+,\d{2}$/ # (2)
|
32
32
|
value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
|
33
33
|
end
|
34
34
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activerecord
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.2.4
|
4
|
+
version: 5.2.4.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 5.2.4
|
19
|
+
version: 5.2.4.5
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 5.2.4
|
26
|
+
version: 5.2.4.5
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: activemodel
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 5.2.4
|
33
|
+
version: 5.2.4.5
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 5.2.4
|
40
|
+
version: 5.2.4.5
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: arel
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -307,8 +307,8 @@ homepage: http://rubyonrails.org
|
|
307
307
|
licenses:
|
308
308
|
- MIT
|
309
309
|
metadata:
|
310
|
-
source_code_uri: https://github.com/rails/rails/tree/v5.2.4/activerecord
|
311
|
-
changelog_uri: https://github.com/rails/rails/blob/v5.2.4/activerecord/CHANGELOG.md
|
310
|
+
source_code_uri: https://github.com/rails/rails/tree/v5.2.4.5/activerecord
|
311
|
+
changelog_uri: https://github.com/rails/rails/blob/v5.2.4.5/activerecord/CHANGELOG.md
|
312
312
|
post_install_message:
|
313
313
|
rdoc_options:
|
314
314
|
- "--main"
|