activerecord 6.0.3.4 → 6.0.3.6

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 140f6f368f1117ee61cd524faca9684ae30de2683f916da86fc5d407a7745cca
4
- data.tar.gz: e4c73cf6172c0d17caaf5f4d705e4a4ebff642d0db70c3a70b67f98b8f60b5c4
3
+ metadata.gz: 10483d65f664af6e16b8846c4e732c1684ccce361c7f5de71174d4c58667d7f0
4
+ data.tar.gz: b8e115b38be1bb8a9cfd2b405d5be96c21c7a1b402e63280ad1cef7d495e0cd9
5
5
  SHA512:
6
- metadata.gz: ef0ee3b5b549012bf375144e37e33ca1061dfdd6c2b2a95b4dddf97e42260f7127b64f2d34cf48ac6a532a33b84bff16db6a5bc7263f18773db71a347c13ea01
7
- data.tar.gz: 4fc23dcaa4cd671863cf194f6d8ab9673353e4b78f647224b25a76b00d947cc740f00a89c78ecd55384c9d3146f183f5bd1d756ec3e99c5794047ab068d05d8b
6
+ metadata.gz: 870e5ab273716a3b06ab68e5b18bf107cb8dfbba027df6c4c021628b7a5384c38b44d60a97df83da109aca4df075394ae88e8f8f76a61a63182fa2055b51a012
7
+ data.tar.gz: 1371263b37deb82f2f8af79399c9bfa955bfc819930779136de843caf0266cb3da913b2b8709c0fbf841478ef663fe9a7d8e1f6025909c7d630ab9e7b337fb00
data/CHANGELOG.md CHANGED
@@ -1,3 +1,23 @@
1
+ ## Rails 6.0.3.6 (March 26, 2021) ##
2
+
3
+ * No changes.
4
+
5
+
6
+ ## Rails 6.0.3.5 (February 10, 2021) ##
7
+
8
+ * Fix possible DoS vector in PostgreSQL money type
9
+
10
+ Carefully crafted input can cause a DoS via the regular expressions used
11
+ for validating the money format in the PostgreSQL adapter. This patch
12
+ fixes the regexp.
13
+
14
+ Thanks to @dee-see from Hackerone for this patch!
15
+
16
+ [CVE-2021-22880]
17
+
18
+ *Aaron Patterson*
19
+
20
+
1
21
  ## Rails 6.0.3.4 (October 07, 2020) ##
2
22
 
3
23
  * No changes.
@@ -26,9 +26,9 @@ module ActiveRecord
26
26
 
27
27
  value = value.sub(/^\((.+)\)$/, '-\1') # (4)
28
28
  case value
29
- when /^-?\D*[\d,]+\.\d{2}$/ # (1)
29
+ when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
30
30
  value.gsub!(/[^-\d.]/, "")
31
- when /^-?\D*[\d.]+,\d{2}$/ # (2)
31
+ when /^-?\D*+[\d.]+,\d{2}$/ # (2)
32
32
  value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
33
33
  end
34
34
 
@@ -10,7 +10,7 @@ module ActiveRecord
10
10
  MAJOR = 6
11
11
  MINOR = 0
12
12
  TINY = 3
13
- PRE = "4"
13
+ PRE = "6"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.3.4
4
+ version: 6.0.3.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-07 00:00:00.000000000 Z
11
+ date: 2021-03-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 6.0.3.4
19
+ version: 6.0.3.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 6.0.3.4
26
+ version: 6.0.3.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 6.0.3.4
33
+ version: 6.0.3.6
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 6.0.3.4
40
+ version: 6.0.3.6
41
41
  description: Databases on Rails. Build a persistent domain model by mapping database
42
42
  tables to Ruby classes. Strong conventions for associations, validations, aggregations,
43
43
  migrations, and testing come baked-in.
@@ -391,11 +391,11 @@ licenses:
391
391
  - MIT
392
392
  metadata:
393
393
  bug_tracker_uri: https://github.com/rails/rails/issues
394
- changelog_uri: https://github.com/rails/rails/blob/v6.0.3.4/activerecord/CHANGELOG.md
395
- documentation_uri: https://api.rubyonrails.org/v6.0.3.4/
394
+ changelog_uri: https://github.com/rails/rails/blob/v6.0.3.6/activerecord/CHANGELOG.md
395
+ documentation_uri: https://api.rubyonrails.org/v6.0.3.6/
396
396
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
397
- source_code_uri: https://github.com/rails/rails/tree/v6.0.3.4/activerecord
398
- post_install_message:
397
+ source_code_uri: https://github.com/rails/rails/tree/v6.0.3.6/activerecord
398
+ post_install_message:
399
399
  rdoc_options:
400
400
  - "--main"
401
401
  - README.rdoc
@@ -412,8 +412,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
412
412
  - !ruby/object:Gem::Version
413
413
  version: '0'
414
414
  requirements: []
415
- rubygems_version: 3.1.4
416
- signing_key:
415
+ rubygems_version: 3.1.2
416
+ signing_key:
417
417
  specification_version: 4
418
418
  summary: Object-relational mapper framework (part of Rails).
419
419
  test_files: []