activerecord 6.0.3.4 → 6.0.3.5


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

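--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 140f6f368f1117ee61cd524faca9684ae30de2683f916da86fc5d407a7745cca
- data.tar.gz: e4c73cf6172c0d17caaf5f4d705e4a4ebff642d0db70c3a70b67f98b8f60b5c4
+ metadata.gz: 81509c096d5c718a2f031bb02276ffa200df9f23f6b95ca4ee001ff4b0ed3f0b
+ data.tar.gz: 171cbbd2a3dea6f8156b6662b47787ff29f0d538d24675321cd48875f7968faa
  SHA512:
- metadata.gz: ef0ee3b5b549012bf375144e37e33ca1061dfdd6c2b2a95b4dddf97e42260f7127b64f2d34cf48ac6a532a33b84bff16db6a5bc7263f18773db71a347c13ea01
- data.tar.gz: 4fc23dcaa4cd671863cf194f6d8ab9673353e4b78f647224b25a76b00d947cc740f00a89c78ecd55384c9d3146f183f5bd1d756ec3e99c5794047ab068d05d8b
+ metadata.gz: b2c8ab3ddce74dcccaa27d4260db49ac55667e9a440c2187a0133ff211ec1305159ee3b74b71009ab59c5908d1d5d50b6be59191dd282d1e2dbf1198465556cc
+ data.tar.gz: f2d64203c46ec1cc691a0b46c3e3e84c602267596bd807f212ef43e285248a0e5051e30a2ae0c34fcd0528fa4856e0d509b3ac65f89b1600b8304aa7a7cb2ca8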
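--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,18 @@
+ ## Rails 6.0.3.5 (February 10, 2021) ##
+
+ * Fix possible DoS vector in PostgreSQL money type
+
+ Carefully crafted input can cause a DoS via the regular expressions used
+ for validating the money format in the PostgreSQL adapter. This patch
+ fixes the regexp.
+
+ Thanks to @dee-see from Hackerone for this patch!
+
+ [CVE-2021-22880]
+
+ *Aaron Patterson*
+
+
  ## Rails 6.0.3.4 (October 07, 2020) ##
 
  * No changes.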
@@ -26,9 +26,9 @@ module ActiveRecord
26
26
 
27
27
  value = value.sub(/^\((.+)\)$/, '-\1') # (4)
28
28
  case value
29
- when /^-?\D*[\d,]+\.\d{2}$/ # (1)
29
+ when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
30
30
  value.gsub!(/[^-\d.]/, "")
31
- when /^-?\D*[\d.]+,\d{2}$/ # (2)
31
+ when /^-?\D*+[\d.]+,\d{2}$/ # (2)
32
32
  value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
33
33
  end
34
34
 
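Review bot: Both `when` patterns on the new side still anchor with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a multi-line value passes the format check as soon as one of its lines looks like money, and the `gsub!` that follows then runs over the whole string. If the check is meant to cover the entire value, `\A` and `\z` are the anchors to use, e.g. `when /\A-?\D*+[\d,]+\.\d{2}\z/ # (1)`, and the same applies to the `sub` above the `case`; note that `\z`, unlike `$`, rejects a trailing newline. The possessive `\D*+` is the entire fix and is easy to revert by accident, so a comment next to it would help, along the lines of `# \D*+ is possessive on purpose: \D also matches "," and ".", so a backtracking \D* overlaps the next group (CVE-2021-22880)`. The enclosing method starts and ends outside the hunk, and the page has lost this file's header line, so the file path cannot be confirmed from here.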
@@ -10,7 +10,7 @@ module ActiveRecord
10
10
  MAJOR = 6
11
11
  MINOR = 0
12
12
  TINY = 3
13
- PRE = "4"
13
+ PRE = "5"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
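--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord
  version: !ruby/object:Gem::Version
- version: 6.0.3.4
+ version: 6.0.3.5
  platform: ruby
  authors:
  - David Heinemeier Hansson
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-10-07 00:00:00.000000000 Z
+ date: 2021-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.4
+ version: 6.0.3.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.4
+ version: 6.0.3.5
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.4
+ version: 6.0.3.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.4
+ version: 6.0.3.5
  description: Databases on Rails. Build a persistent domain model by mapping database
  tables to Ruby classes. Strong conventions for associations, validations, aggregations,
  migrations, and testing come baked-in.
@@ -391,11 +391,11 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v6.0.3.4/activerecord/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v6.0.3.4/
+ changelog_uri: https://github.com/rails/rails/blob/v6.0.3.5/activerecord/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v6.0.3.5/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v6.0.3.4/activerecord
- post_install_message:
+ source_code_uri: https://github.com/rails/rails/tree/v6.0.3.5/activerecord
+ post_install_message:
  rdoc_options:
  - "--main"
  - README.rdoc
@@ -412,8 +412,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
- signing_key:
+ rubygems_version: 3.0.3
+ signing_key:
  specification_version: 4
  summary: Object-relational mapper framework (part of Rails).
  test_files: []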