activerecord 6.0.3 → 6.0.3.5
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +35 -0
- data/lib/active_record/connection_adapters/postgresql/oid/money.rb +2 -2
- data/lib/active_record/gem_version.rb +1 -1
- metadata +10 -10
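--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81509c096d5c718a2f031bb02276ffa200df9f23f6b95ca4ee001ff4b0ed3f0b
+data.tar.gz: 171cbbd2a3dea6f8156b6662b47787ff29f0d538d24675321cd48875f7968faa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2c8ab3ddce74dcccaa27d4260db49ac55667e9a440c2187a0133ff211ec1305159ee3b74b71009ab59c5908d1d5d50b6be59191dd282d1e2dbf1198465556cc
+data.tar.gz: f2d64203c46ec1cc691a0b46c3e3e84c602267596bd807f212ef43e285248a0e5051e30a2ae0c34fcd0528fa4856e0d509b3ac65f89b1600b8304aa7a7cb2ca8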
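--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,38 @@
+## Rails 6.0.3.5 (February 10, 2021) ##
+
+* Fix possible DoS vector in PostgreSQL money type
+
+Carefully crafted input can cause a DoS via the regular expressions used
+for validating the money format in the PostgreSQL adapter. This patch
+fixes the regexp.
+
+Thanks to @dee-see from Hackerone for this patch!
+
+[CVE-2021-22880]
+
+*Aaron Patterson*
+
+
+## Rails 6.0.3.4 (October 07, 2020) ##
+
+* No changes.
+
+
+## Rails 6.0.3.3 (September 09, 2020) ##
+
+* No changes.
+
+
+## Rails 6.0.3.2 (June 17, 2020) ##
+
+* No changes.
+
+
+## Rails 6.0.3.1 (May 18, 2020) ##
+
+* No changes.
+
+
 ## Rails 6.0.3 (May 06, 2020) ##
 
 * Recommend applications don't use the `database` kwarg in `connected_to`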
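--- a/data/lib/active_record/connection_adapters/postgresql/oid/money.rb
+++ b/data/lib/active_record/connection_adapters/postgresql/oid/money.rb
@@ -26,9 +26,9 @@ module ActiveRecord
 
 value = value.sub(/^\((.+)\)$/, '-\1') # (4)
 case value
-when /^-?\D
+when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
 value.gsub!(/[^-\d.]/, "")
-when /^-?\D
+when /^-?\D*+[\d.]+,\d{2}$/ # (2)
 value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
 end
 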
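Review bot: Both rewritten `when` patterns still anchor with `^` and `$`, which in Ruby match at line boundaries, so a multi-line value passes if any one line has the money shape and the following `gsub!` then strips the rest. Anchoring the whole string, e.g. `when /\A-?\D*+[\d,]+\.\d{2}\z/ # (1)` and the same for (2), would make the branches validate the full input; note that `\z` also stops tolerating a trailing newline. The possessive `\D*+` is what bounds the backtracking, so a one-line comment such as `# possessive quantifier: avoids regexp backtracking DoS (CVE-2021-22880)` would keep a later edit from relaxing it. The enclosing method starts and ends outside the hunk, so how the cleaned value is used afterwards is not visible here.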
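--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-version: 6.0.3
+version: 6.0.3.5
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 6.0.3
+version: 6.0.3.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 6.0.3
+version: 6.0.3.5
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 6.0.3
+version: 6.0.3.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 6.0.3
+version: 6.0.3.5
 description: Databases on Rails. Build a persistent domain model by mapping database
 tables to Ruby classes. Strong conventions for associations, validations, aggregations,
 migrations, and testing come baked-in.
@@ -391,10 +391,10 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails/issues
-changelog_uri: https://github.com/rails/rails/blob/v6.0.3/activerecord/CHANGELOG.md
-documentation_uri: https://api.rubyonrails.org/v6.0.3/
+changelog_uri: https://github.com/rails/rails/blob/v6.0.3.5/activerecord/CHANGELOG.md
+documentation_uri: https://api.rubyonrails.org/v6.0.3.5/
 mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-source_code_uri: https://github.com/rails/rails/tree/v6.0.3/activerecord
+source_code_uri: https://github.com/rails/rails/tree/v6.0.3.5/activerecord
 post_install_message:
 rdoc_options:
 - "--main"
@@ -412,7 +412,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Object-relational mapper framework (part of Rails).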