activerecord 6.1.2 → 6.1.2.1


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

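--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4112bd4b4d7a00b26db10332f2f6452d2b6ad1fdf3f2ad50988a8229abac9192
- data.tar.gz: 6fbcb021ae1942e307730ef7aaad54d1f594cd52b749d407f8aafe052bee6794
+ metadata.gz: 61210a9bf3705c22919bfa2c07869d5d6f2d634e9483344e861b30b73e77201a
+ data.tar.gz: 0e74625e0dfc674cbcac3a750d628e3ebb0df0e21b4277d72bc1699c403f6e8e
  SHA512:
- metadata.gz: eb1830fe0587253ecede381d53dd0be5c8de80070559458653d4a6e149c002a03a3ba37a8723e0e869693500b55ec9956f9f18d2d556884f40d28ac9af0e34f6
- data.tar.gz: d78aeab68b5c4d4d0e2d8a315b7175a0257b6e1bb6db82c1ae04551f44540d72ffd122881af9cfb93cf8c0d8d57b6310a5bd303e612e24795f54fc07b777f307
+ metadata.gz: 8482b26acd2e28d94d9eeb53e0bcb899e387318c2ef122c8edc9a9243ee3aec0f0d47f8fc3397aea738df4f9c033eff28e813fc8cb12577a4c195594414275f2
+ data.tar.gz: 255438e998bfe3c7a6364c15795416b8d116b6a2babc27718090d5dcc99cbb2f31d63a5cce5bceaffb6a32608e707fda33ba62e29c44cc1ce573617edaed22c8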
data/CHANGELOG.md CHANGED
@@ -1,3 +1,18 @@
1
+ ## Rails 6.1.2.1 (February 10, 2021) ##
2
+
3
+ * Fix possible DoS vector in PostgreSQL money type
4
+
5
+ Carefully crafted input can cause a DoS via the regular expressions used
6
+ for validating the money format in the PostgreSQL adapter. This patch
7
+ fixes the regexp.
8
+
9
+ Thanks to @dee-see from Hackerone for this patch!
10
+
11
+ [CVE-2021-22880]
12
+
13
+ *Aaron Patterson*
14
+
15
+
1
16
  ## Rails 6.1.2 (February 09, 2021) ##
2
17
 
3
18
  * Fix timestamp type for sqlite3.
@@ -26,9 +26,9 @@ module ActiveRecord
26
26
 
27
27
  value = value.sub(/^\((.+)\)$/, '-\1') # (4)
28
28
  case value
29
- when /^-?\D*[\d,]+\.\d{2}$/ # (1)
29
+ when /^-?\D*+[\d,]+\.\d{2}$/ # (1)
30
30
  value.gsub!(/[^-\d.]/, "")
31
- when /^-?\D*[\d.]+,\d{2}$/ # (2)
31
+ when /^-?\D*+[\d.]+,\d{2}$/ # (2)
32
32
  value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
33
33
  end
34
34
 
@@ -10,7 +10,7 @@ module ActiveRecord
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
12
  TINY = 2
13
- PRE = nil
13
+ PRE = "1"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
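Review bot: In the hunk headed `@@ -26,9 +26,9 @@ module ActiveRecord` (its file header is missing from this page, so it is listed under the changelog section), both new patterns still anchor with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. A multi-line value can therefore satisfy a `when` on one of its lines while the following `gsub!` runs over the whole string; if only single-line money strings are meant to be accepted, `\A` and `\z` (or `\Z`, to keep tolerating a trailing newline) would state that exactly. The possessive `\D*+` is the whole fix and looks like a typo to a later cleanup, so a comment above the `case` such as `# \D*+ is possessive so it cannot backtrack into [\d,]+ (CVE-2021-22880)` would protect it, ideally with a regression test that bounds the time spent on a long non-matching input. The enclosing method starts and ends outside the hunk, so whether callers bound the input length cannot be seen from here.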
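--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord
  version: !ruby/object:Gem::Version
- version: 6.1.2
+ version: 6.1.2.1
  platform: ruby
  authors:
  - David Heinemeier Hansson
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-02-09 00:00:00.000000000 Z
+ date: 2021-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.1.2
+ version: 6.1.2.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.1.2
+ version: 6.1.2.1
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.1.2
+ version: 6.1.2.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.1.2
+ version: 6.1.2.1
  description: Databases on Rails. Build a persistent domain model by mapping database
  tables to Ruby classes. Strong conventions for associations, validations, aggregations,
  migrations, and testing come baked-in.
@@ -390,11 +390,11 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v6.1.2/activerecord/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v6.1.2/
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.2.1/activerecord/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v6.1.2.1/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v6.1.2/activerecord
- post_install_message:
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.2.1/activerecord
+ post_install_message:
  rdoc_options:
  - "--main"
  - README.rdoc
@@ -411,8 +411,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.3
- signing_key:
+ rubygems_version: 3.0.3
+ signing_key:
  specification_version: 4
  summary: Object-relational mapper framework (part of Rails).
  test_files: []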