activerecord 3.2.18 → 3.2.19

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (5) hide show
  1. data/CHANGELOG.md +9 -0
  2. data/lib/active_record/connection_adapters/postgresql_adapter.rb +3 -3
  3. data/lib/active_record/session_store.rb +1 -1
  4. data/lib/active_record/version.rb +1 -1
  5. metadata +29 -27
data/CHANGELOG.md CHANGED
@@ -1,3 +1,12 @@
1
+ ## Rails 3.2.19 (Jul 2, 2014) ##
2
+
3
+ * Fix SQL Injection Vulnerability in 'bitstring' quoting.
4
+
5
+ Fixes CVE-2014-3482.
6
+
7
+ *Rafael Mendonça França*
8
+
9
+
1
10
  ## Rails 3.2.18 (May 6, 2014) ##
2
11
 
3
12
  * No changes.
data/lib/active_record/connection_adapters/postgresql_adapter.rb CHANGED
@@ -442,8 +442,8 @@ module ActiveRecord
442
442
  when 'xml' then "xml '#{quote_string(value)}'"
443
443
  when /^bit/
444
444
  case value
445
- when /^[01]*$/ then "B'#{value}'" # Bit-string notation
446
- when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
445
+ when /\A[01]*\Z/ then "B'#{value}'" # Bit-string notation
446
+ when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
447
447
  end
448
448
  else
449
449
  super
@@ -1160,7 +1160,7 @@ module ActiveRecord
1160
1160
  FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
1161
1161
 
1162
1162
  def exec_no_cache(sql, binds)
1163
- @connection.async_exec(sql)
1163
+ @connection.async_exec(sql, [])
1164
1164
  end
1165
1165
 
1166
1166
  def exec_cache(sql, binds)
data/lib/active_record/session_store.rb CHANGED
@@ -9,7 +9,7 @@ module ActiveRecord
9
9
  #
10
10
  # The default assumes a +sessions+ tables with columns:
11
11
  # +id+ (numeric primary key),
12
- # +session_id+ (text, or longtext if your session data exceeds 65K), and
12
+ # +session_id+ (string, :limit => 255), and
13
13
  # +data+ (text or longtext; careful if your session data exceeds 65KB).
14
14
  #
15
15
  # The +session_id+ column should always be indexed for speedy lookups.
data/lib/active_record/version.rb CHANGED
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 2
5
- TINY = 18
5
+ TINY = 19
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- hash: 43
4
+ hash: 41
5
5
  prerelease:
6
6
  segments:
7
7
  - 3
8
8
  - 2
9
- - 18
10
- version: 3.2.18
9
+ - 19
10
+ version: 3.2.19
11
11
  platform: ruby
12
12
  authors:
13
13
  - David Heinemeier Hansson
@@ -15,44 +15,43 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2014-05-06 00:00:00 Z
18
+ date: 2014-07-02 00:00:00 -03:00
19
+ default_executable:
19
20
  dependencies:
20
21
  - !ruby/object:Gem::Dependency
21
- type: :runtime
22
- name: activesupport
23
- version_requirements: &id001 !ruby/object:Gem::Requirement
22
+ requirement: &id001 !ruby/object:Gem::Requirement
24
23
  none: false
25
24
  requirements:
26
25
  - - "="
27
26
  - !ruby/object:Gem::Version
28
- hash: 43
27
+ hash: 41
29
28
  segments:
30
29
  - 3
31
30
  - 2
32
- - 18
33
- version: 3.2.18
31
+ - 19
32
+ version: 3.2.19
33
+ type: :runtime
34
+ version_requirements: *id001
34
35
  prerelease: false
35
- requirement: *id001
36
+ name: activesupport
36
37
  - !ruby/object:Gem::Dependency
37
- type: :runtime
38
- name: activemodel
39
- version_requirements: &id002 !ruby/object:Gem::Requirement
38
+ requirement: &id002 !ruby/object:Gem::Requirement
40
39
  none: false
41
40
  requirements:
42
41
  - - "="
43
42
  - !ruby/object:Gem::Version
44
- hash: 43
43
+ hash: 41
45
44
  segments:
46
45
  - 3
47
46
  - 2
48
- - 18
49
- version: 3.2.18
47
+ - 19
48
+ version: 3.2.19
49
+ type: :runtime
50
+ version_requirements: *id002
50
51
  prerelease: false
51
- requirement: *id002
52
+ name: activemodel
52
53
  - !ruby/object:Gem::Dependency
53
- type: :runtime
54
- name: arel
55
- version_requirements: &id003 !ruby/object:Gem::Requirement
54
+ requirement: &id003 !ruby/object:Gem::Requirement
56
55
  none: false
57
56
  requirements:
58
57
  - - ~>
@@ -63,12 +62,12 @@ dependencies:
63
62
  - 0
64
63
  - 2
65
64
  version: 3.0.2
65
+ type: :runtime
66
+ version_requirements: *id003
66
67
  prerelease: false
67
- requirement: *id003
68
+ name: arel
68
69
  - !ruby/object:Gem::Dependency
69
- type: :runtime
70
- name: tzinfo
71
- version_requirements: &id004 !ruby/object:Gem::Requirement
70
+ requirement: &id004 !ruby/object:Gem::Requirement
72
71
  none: false
73
72
  requirements:
74
73
  - - ~>
@@ -79,8 +78,10 @@ dependencies:
79
78
  - 3
80
79
  - 29
81
80
  version: 0.3.29
81
+ type: :runtime
82
+ version_requirements: *id004
82
83
  prerelease: false
83
- requirement: *id004
84
+ name: tzinfo
84
85
  description: Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.
85
86
  email: david@loudthinking.com
86
87
  executables: []
@@ -239,6 +240,7 @@ files:
239
240
  - lib/rails/generators/active_record/session_migration/session_migration_generator.rb
240
241
  - lib/rails/generators/active_record/session_migration/templates/migration.rb
241
242
  - lib/rails/generators/active_record.rb
243
+ has_rdoc: true
242
244
  homepage: http://www.rubyonrails.org
243
245
  licenses:
244
246
  - MIT
@@ -271,7 +273,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
271
273
  requirements: []
272
274
 
273
275
  rubyforge_project:
274
- rubygems_version: 1.8.15
276
+ rubygems_version: 1.6.2
275
277
  signing_key:
276
278
  specification_version: 3
277
279
  summary: Object-relational mapper framework (part of Rails).