RubyGems - activerecord - Versions diffs - 6.1.2 → 6.1.2.1 - Mend

activerecord 6.1.2 → 6.1.2.1

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/lib/active_record/connection_adapters/postgresql/oid/money.rb +2 -2
data/lib/active_record/gem_version.rb +1 -1
metadata +13 -13

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4112bd4b4d7a00b26db10332f2f6452d2b6ad1fdf3f2ad50988a8229abac9192
-  data.tar.gz: 6fbcb021ae1942e307730ef7aaad54d1f594cd52b749d407f8aafe052bee6794
+  metadata.gz: 61210a9bf3705c22919bfa2c07869d5d6f2d634e9483344e861b30b73e77201a
+  data.tar.gz: 0e74625e0dfc674cbcac3a750d628e3ebb0df0e21b4277d72bc1699c403f6e8e
 SHA512:
-  metadata.gz: eb1830fe0587253ecede381d53dd0be5c8de80070559458653d4a6e149c002a03a3ba37a8723e0e869693500b55ec9956f9f18d2d556884f40d28ac9af0e34f6
-  data.tar.gz: d78aeab68b5c4d4d0e2d8a315b7175a0257b6e1bb6db82c1ae04551f44540d72ffd122881af9cfb93cf8c0d8d57b6310a5bd303e612e24795f54fc07b777f307
+  metadata.gz: 8482b26acd2e28d94d9eeb53e0bcb899e387318c2ef122c8edc9a9243ee3aec0f0d47f8fc3397aea738df4f9c033eff28e813fc8cb12577a4c195594414275f2
+  data.tar.gz: 255438e998bfe3c7a6364c15795416b8d116b6a2babc27718090d5dcc99cbb2f31d63a5cce5bceaffb6a32608e707fda33ba62e29c44cc1ce573617edaed22c8

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,18 @@
+## Rails 6.1.2.1 (February 10, 2021) ##
+*   Fix possible DoS vector in PostgreSQL money type
+    Carefully crafted input can cause a DoS via the regular expressions used
+    for validating the money format in the PostgreSQL adapter.  This patch
+    fixes the regexp.
+    Thanks to @dee-see from Hackerone for this patch!
+    [CVE-2021-22880]
+    *Aaron Patterson*
 ## Rails 6.1.2 (February 09, 2021) ##
 *   Fix timestamp type for sqlite3.

data/lib/active_record/connection_adapters/postgresql/oid/money.rb CHANGED Viewed

@@ -26,9 +26,9 @@ module ActiveRecord
             value = value.sub(/^\((.+)\)$/, '-\1') # (4)
             case value
-            when /^-?\D*[\d,]+\.\d{2}$/  # (1)
+            when /^-?\D*+[\d,]+\.\d{2}$/  # (1)
               value.gsub!(/[^-\d.]/, "")
-            when /^-?\D*[\d.]+,\d{2}$/  # (2)
+            when /^-?\D*+[\d.]+,\d{2}$/  # (2)
               value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
             end

data/lib/active_record/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActiveRecord
     MAJOR = 6
     MINOR = 1
     TINY  = 2
-    PRE   = nil
+    PRE   = "1"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-  version: 6.1.2
+  version: 6.1.2.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-09 00:00:00.000000000 Z
+date: 2021-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 6.1.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 6.1.2.1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 6.1.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 6.1.2.1
 description: Databases on Rails. Build a persistent domain model by mapping database
   tables to Ruby classes. Strong conventions for associations, validations, aggregations,
   migrations, and testing come baked-in.
@@ -390,11 +390,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.2/activerecord/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.2/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.2.1/activerecord/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.2.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.2/activerecord
-post_install_message:
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.2.1/activerecord
+post_install_message:
 rdoc_options:
 - "--main"
 - README.rdoc
@@ -411,8 +411,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Object-relational mapper framework (part of Rails).
 test_files: []