activerecord 5.2.4 → 5.2.4.5
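--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7fc834af19132b6ad9d70b3809c7a19ae4e83c133e8332681ccbf6d7fd1f48d
+data.tar.gz: 6257ed9838f4a3cae375ad8834f849a3178f8c571b09b525b60118f350018920
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ac8563d07cd073721ec55daaefa751752efb9d10657cb8900d0416bf072be299001452b7d59f133a09810abf4bd080d8b9a89250e1741c00eff7a65d2f275ec3
+data.tar.gz: '0868ed81dbdac5476819f3cf7002778b42cbe1683ee73168f48c90743d684616d10b303e2fc222670613d59493051e3eca87beaf09ad28652d81b377a4f81fbc'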
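--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,33 @@
+## Rails 5.2.4.5 (February 10, 2021) ##
+
+* Fix possible DoS vector in PostgreSQL money type
+
+Carefully crafted input can cause a DoS via the regular expressions used
+for validating the money format in the PostgreSQL adapter. This patch
+fixes the regexp.
+
+Thanks to @dee-see from Hackerone for this patch!
+
+[CVE-2021-22880]
+
+*Aaron Patterson*
+
+
+## Rails 5.2.4.4 (September 09, 2020) ##
+
+* No changes.
+
+
+## Rails 5.2.4.3 (May 18, 2020) ##
+
+* No changes.
+
+
+## Rails 5.2.4.1 (December 18, 2019) ##
+
+* No changes.
+
+
 ## Rails 5.2.4 (November 27, 2019) ##
 
 * Fix circular `autosave: true` causes invalid records to be saved.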
@@ -26,9 +26,9 @@ module ActiveRecord
|
|
26
26
|
|
27
27
|
value = value.sub(/^\((.+)\)$/, '-\1') # (4)
|
28
28
|
case value
|
29
|
-
when /^-?\D
|
29
|
+
when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
|
30
30
|
value.gsub!(/[^-\d.]/, "")
|
31
|
-
when /^-?\D
|
31
|
+
when /^-?\D*+[\d.]+,\d{2}$/ # (2)
|
32
32
|
value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
|
33
33
|
end
|
34
34
|
|
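Review bot: On new line 32 the chained `value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")` can raise NoMethodError, because `gsub!` returns nil when it removes nothing and the `\D*+` on line 31 admits values with no currency symbol at all (a constructed sample: `1,00`). Splitting it into two statements, `value.gsub!(/[^-\d,]/, "")` followed by `value.sub!(/,/, ".")`, keeps the in-place behaviour without depending on the return value. Separately, all three patterns anchor with `^`/`$`, which match per line in Ruby, so a multi-line string is accepted if any one line fits; `\A`/`\z` would bind the match to the whole value, though that may change handling of a trailing newline and should be checked against the adapter's real output. A short comment on lines 29 and 31 saying the possessive `*+` is deliberate (it stops the engine from re-splitting the input between the non-digit run and the following `[\d,]+`/`[\d.]+` class, which overlap on the separator character) would keep a later cleanup from reintroducing the backtracking. The enclosing method starts and ends outside this hunk.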
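--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-version: 5.2.4
+version: 5.2.4.5
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.4
+version: 5.2.4.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.4
+version: 5.2.4.5
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.4
+version: 5.2.4.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.4
+version: 5.2.4.5
 - !ruby/object:Gem::Dependency
 name: arel
 requirement: !ruby/object:Gem::Requirement
@@ -307,8 +307,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-source_code_uri: https://github.com/rails/rails/tree/v5.2.4/activerecord
-changelog_uri: https://github.com/rails/rails/blob/v5.2.4/activerecord/CHANGELOG.md
+source_code_uri: https://github.com/rails/rails/tree/v5.2.4.5/activerecord
+changelog_uri: https://github.com/rails/rails/blob/v5.2.4.5/activerecord/CHANGELOG.md
 post_install_message:
 rdoc_options:
 - "--main"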