activerecord 5.2.4 → 5.2.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +30 -0
  3. data/lib/active_record/connection_adapters/postgresql/oid/money.rb +2 -2
  4. data/lib/active_record/gem_version.rb +1 -1
  5. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0c5d1898b0499bf37b5bb1e9d4c0bcb36ae5d4335090357586968b05f8bfae6b
4
- data.tar.gz: 53b619dac1440f6796e36463442fd73aa2beb92922fa705e2317226b8928cfd1
3
+ metadata.gz: f7fc834af19132b6ad9d70b3809c7a19ae4e83c133e8332681ccbf6d7fd1f48d
4
+ data.tar.gz: 6257ed9838f4a3cae375ad8834f849a3178f8c571b09b525b60118f350018920
5
5
  SHA512:
6
- metadata.gz: d1252267986b0fc84208192e9f3f39c177d64833eded2674a8c5ef9baec9886b0ef04d27b75d40837d4da8d8b5006dc2ce7ebc80c647fec29e878229b41b3972
7
- data.tar.gz: dfdff0583cb3a9122b395e4b611f29ce8601eb94d3925fcfdec53fb19da2b22fbbd0afefd12afd519e1a8da90de3e996e68a5369e0464c0ba56c6968e2347ccb
6
+ metadata.gz: ac8563d07cd073721ec55daaefa751752efb9d10657cb8900d0416bf072be299001452b7d59f133a09810abf4bd080d8b9a89250e1741c00eff7a65d2f275ec3
7
+ data.tar.gz: '0868ed81dbdac5476819f3cf7002778b42cbe1683ee73168f48c90743d684616d10b303e2fc222670613d59493051e3eca87beaf09ad28652d81b377a4f81fbc'
data/CHANGELOG.md CHANGED
@@ -1,3 +1,33 @@
1
+ ## Rails 5.2.4.5 (February 10, 2021) ##
2
+
3
+ * Fix possible DoS vector in PostgreSQL money type
4
+
5
+ Carefully crafted input can cause a DoS via the regular expressions used
6
+ for validating the money format in the PostgreSQL adapter. This patch
7
+ fixes the regexp.
8
+
9
+ Thanks to @dee-see from Hackerone for this patch!
10
+
11
+ [CVE-2021-22880]
12
+
13
+ *Aaron Patterson*
14
+
15
+
16
+ ## Rails 5.2.4.4 (September 09, 2020) ##
17
+
18
+ * No changes.
19
+
20
+
21
+ ## Rails 5.2.4.3 (May 18, 2020) ##
22
+
23
+ * No changes.
24
+
25
+
26
+ ## Rails 5.2.4.1 (December 18, 2019) ##
27
+
28
+ * No changes.
29
+
30
+
1
31
  ## Rails 5.2.4 (November 27, 2019) ##
2
32
 
3
33
  * Fix circular `autosave: true` causes invalid records to be saved.
data/lib/active_record/connection_adapters/postgresql/oid/money.rb CHANGED
@@ -26,9 +26,9 @@ module ActiveRecord
26
26
 
27
27
  value = value.sub(/^\((.+)\)$/, '-\1') # (4)
28
28
  case value
29
- when /^-?\D+[\d,]+\.\d{2}$/ # (1)
29
+ when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
30
30
  value.gsub!(/[^-\d.]/, "")
31
- when /^-?\D+[\d.]+,\d{2}$/ # (2)
31
+ when /^-?\D*+[\d.]+,\d{2}$/ # (2)
32
32
  value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
33
33
  end
34
34
 
data/lib/active_record/gem_version.rb CHANGED
@@ -10,7 +10,7 @@ module ActiveRecord
10
10
  MAJOR = 5
11
11
  MINOR = 2
12
12
  TINY = 4
13
- PRE = nil
13
+ PRE = "5"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.4
4
+ version: 5.2.4.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-27 00:00:00.000000000 Z
11
+ date: 2021-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 5.2.4
19
+ version: 5.2.4.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 5.2.4
26
+ version: 5.2.4.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 5.2.4
33
+ version: 5.2.4.5
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 5.2.4
40
+ version: 5.2.4.5
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: arel
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -307,8 +307,8 @@ homepage: http://rubyonrails.org
307
307
  licenses:
308
308
  - MIT
309
309
  metadata:
310
- source_code_uri: https://github.com/rails/rails/tree/v5.2.4/activerecord
311
- changelog_uri: https://github.com/rails/rails/blob/v5.2.4/activerecord/CHANGELOG.md
310
+ source_code_uri: https://github.com/rails/rails/tree/v5.2.4.5/activerecord
311
+ changelog_uri: https://github.com/rails/rails/blob/v5.2.4.5/activerecord/CHANGELOG.md
312
312
  post_install_message:
313
313
  rdoc_options:
314
314
  - "--main"