activerecord 4.0.6 → 4.0.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed57556216d551308db2fbb815b338d14119a30e
|
|
4
|
+
data.tar.gz: b389388752ab7db483d355986b817d7d6821643c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eca5bc65707480717b3fe8c33bfed64c82a2591c7a51f4b4ba80bcb2a6ecd3cdf1d98ece4731d6d301ef56129b6b76793cabbde758c83128951f9773da8e1741
|
|
7
|
+
data.tar.gz: e801171603f0e548ce230db98e29003394e8c41057d4bd4d33b9a55da4c03056cd3a81a23b305c5ab61f90b85b64bd982b244368b0a4672105e7d0848401b93e
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## Rails 4.0.7 (July 2, 2014) ##
|
|
2
|
+
|
|
3
|
+
* Fix SQL Injection Vulnerability in 'range' quoting.
|
|
4
|
+
|
|
5
|
+
Fixes CVE-2014-3483
|
|
6
|
+
|
|
7
|
+
*Rafael Mendonça França*
|
|
8
|
+
|
|
9
|
+
|
|
1
10
|
## Rails 4.0.6 (June 26, 2014) ##
|
|
2
11
|
|
|
3
12
|
* Fixed the inferred table name of a has_and_belongs_to_many auxiliar
|
|
@@ -23,7 +23,8 @@ module ActiveRecord
|
|
|
23
23
|
case value
|
|
24
24
|
when Range
|
|
25
25
|
if /range$/ =~ sql_type
|
|
26
|
-
|
|
26
|
+
escaped = quote_string(PostgreSQLColumn.range_to_string(value))
|
|
27
|
+
"#{escaped}::#{sql_type}"
|
|
27
28
|
else
|
|
28
29
|
super
|
|
29
30
|
end
|
|
@@ -70,8 +71,8 @@ module ActiveRecord
|
|
|
70
71
|
when 'xml' then "xml '#{quote_string(value)}'"
|
|
71
72
|
when /^bit/
|
|
72
73
|
case value
|
|
73
|
-
when
|
|
74
|
-
when
|
|
74
|
+
when /\A[01]*\Z/ then "B'#{value}'" # Bit-string notation
|
|
75
|
+
when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
|
|
75
76
|
end
|
|
76
77
|
else
|
|
77
78
|
super
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-07-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 4.0.
|
|
19
|
+
version: 4.0.7
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 4.0.
|
|
26
|
+
version: 4.0.7
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activemodel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 4.0.
|
|
33
|
+
version: 4.0.7
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 4.0.
|
|
40
|
+
version: 4.0.7
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: arel
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -260,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
260
260
|
version: '0'
|
|
261
261
|
requirements: []
|
|
262
262
|
rubyforge_project:
|
|
263
|
-
rubygems_version: 2.
|
|
263
|
+
rubygems_version: 2.3.0
|
|
264
264
|
signing_key:
|
|
265
265
|
specification_version: 4
|
|
266
266
|
summary: Object-relational mapper framework (part of Rails).
|