activestorage 5.2.0 → 5.2.6.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of activestorage might be problematic. Click here for more details.

Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +127 -0
  3. data/app/assets/javascripts/activestorage.js +939 -1
  4. data/app/controllers/active_storage/direct_uploads_controller.rb +1 -1
  5. data/app/controllers/active_storage/disk_controller.rb +17 -5
  6. data/app/javascript/activestorage/file_checksum.js +1 -1
  7. data/app/javascript/activestorage/ujs.js +12 -1
  8. data/app/jobs/active_storage/purge_job.rb +1 -2
  9. data/app/models/active_storage/attachment.rb +2 -2
  10. data/app/models/active_storage/blob/identifiable.rb +13 -2
  11. data/app/models/active_storage/blob/representable.rb +1 -1
  12. data/app/models/active_storage/blob.rb +33 -4
  13. data/app/models/active_storage/variant.rb +4 -4
  14. data/app/models/active_storage/variation.rb +352 -0
  15. data/db/migrate/20170806125915_create_active_storage_tables.rb +1 -0
  16. data/lib/active_storage/downloading.rb +1 -0
  17. data/lib/active_storage/engine.rb +30 -0
  18. data/lib/active_storage/gem_version.rb +2 -2
  19. data/lib/active_storage/log_subscriber.rb +2 -0
  20. data/lib/active_storage/previewer/poppler_pdf_previewer.rb +2 -2
  21. data/lib/active_storage/previewer.rb +2 -2
  22. data/lib/active_storage/service/azure_storage_service.rb +4 -4
  23. data/lib/active_storage/service/disk_service.rb +25 -15
  24. data/lib/active_storage/service/gcs_service.rb +27 -13
  25. data/lib/active_storage/service/mirror_service.rb +3 -3
  26. data/lib/active_storage/service/s3_service.rb +6 -3
  27. data/lib/active_storage/service.rb +7 -1
  28. data/lib/active_storage.rb +4 -0
  29. data/lib/tasks/activestorage.rake +3 -0
  30. metadata +14 -15
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b3025aa6dbcc49f361960fb7aacbc0a1be7d680f493c297b1191fee84559eb21
4
- data.tar.gz: bb0ad2877de18ab1858852f65115a029fac9f8563d8ad34b308b49ed86f37362
3
+ metadata.gz: 13b52cd35b6dc01b7589a2c6a666628f0dd9022a7003be3b4ccb461854aa8f54
4
+ data.tar.gz: c5b000e97cc5c5da0800bb963892f20857841d1a6c1d1d41224c7053b340aaaa
5
5
  SHA512:
6
- metadata.gz: e8186feaed874aa6c280caca2e87708534af67db724f3b3bdb23a1e12dc34fc8dd8c948fccb999a57909eab0f2d55e233eedb4a2723770bea28fd09c9a9ba709
7
- data.tar.gz: 61d3032f917ba040e6efa6fa3a2354b92c29bc40afaf4bf692cf58907d0f33a18360ad69b5e717adf58d45adfa9eb3aa0ee8f5c6388fa3e9659e6cf60107a7e5
6
+ metadata.gz: 81552bc85fb46cac27886e71abd1434d0e184e8eb6f679642e6cc2589c6c8e1f72aea689ab169407a6467bc03d2a846ed77d36c6ea4ee55102d451fc9be1ade8
7
+ data.tar.gz: 907cc0d61bf68b93edecfd2caabc06656a5a31b7a64931c98342005ddf8976a0c33d412e376da464f1453a738156efa8769449ffd554f14c08d20bd853329cd6
data/CHANGELOG.md CHANGED
@@ -1,3 +1,130 @@
1
+ ## Rails 5.2.6.3 (March 08, 2022) ##
2
+
3
+ * Added image transformation validation via configurable allow-list.
4
+
5
+ Variant now offers a configurable allow-list for
6
+ transformation methods in addition to a configurable deny-list for arguments.
7
+
8
+ [CVE-2022-21831]
9
+
10
+
11
+ ## Rails 5.2.6.2 (February 11, 2022) ##
12
+
13
+ * No changes.
14
+
15
+
16
+ ## Rails 5.2.6.1 (February 11, 2022) ##
17
+
18
+ * No changes.
19
+
20
+
21
+ ## Rails 5.2.6 (May 05, 2021) ##
22
+
23
+ * No changes.
24
+
25
+
26
+ ## Rails 5.2.5 (March 26, 2021) ##
27
+
28
+ * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
29
+ mime types data.
30
+
31
+ *George Claghorn*
32
+
33
+ * The Poppler PDF previewer renders a preview image using the original
34
+ document's crop box rather than its media box, hiding print margins. This
35
+ matches the behavior of the MuPDF previewer.
36
+
37
+ *Vincent Robert*
38
+
39
+
40
+ ## Rails 5.2.4.6 (May 05, 2021) ##
41
+
42
+ * No changes.
43
+
44
+
45
+ ## Rails 5.2.4.5 (February 10, 2021) ##
46
+
47
+ * No changes.
48
+
49
+
50
+ ## Rails 5.2.4.4 (September 09, 2020) ##
51
+
52
+ * No changes.
53
+
54
+
55
+ ## Rails 5.2.4.3 (May 18, 2020) ##
56
+
57
+ * [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
58
+
59
+
60
+ ## Rails 5.2.4.2 (March 19, 2020) ##
61
+
62
+ * No changes.
63
+
64
+
65
+ ## Rails 5.2.4.1 (December 18, 2019) ##
66
+
67
+ * No changes.
68
+
69
+
70
+ ## Rails 5.2.4 (November 27, 2019) ##
71
+
72
+ * No changes.
73
+
74
+
75
+ ## Rails 5.2.3 (March 27, 2019) ##
76
+
77
+ * No changes.
78
+
79
+
80
+ ## Rails 5.2.2.1 (March 11, 2019) ##
81
+
82
+ * No changes.
83
+
84
+
85
+ ## Rails 5.2.2 (December 04, 2018) ##
86
+
87
+ * Support multiple submit buttons in Active Storage forms.
88
+
89
+ *Chrıs Seelus*
90
+
91
+ * Fix `ArgumentError` when uploading to amazon s3
92
+
93
+ *Hiroki Sanpei*
94
+
95
+ * Add a foreign-key constraint to the `active_storage_attachments` table for blobs.
96
+
97
+ *George Claghorn*
98
+
99
+ * Discard `ActiveStorage::PurgeJobs` for missing blobs.
100
+
101
+ *George Claghorn*
102
+
103
+ * Fix uploading Tempfiles to Azure Storage.
104
+
105
+ *George Claghorn*
106
+
107
+
108
+ ## Rails 5.2.1.1 (November 27, 2018) ##
109
+
110
+ * Prevent content type and disposition bypass in storage service URLs.
111
+
112
+ Fix CVE-2018-16477.
113
+
114
+ *Rosa Gutierrez*
115
+
116
+
117
+ ## Rails 5.2.1 (August 07, 2018) ##
118
+
119
+ * Fix direct upload with zero-byte files.
120
+
121
+ *George Claghorn*
122
+
123
+ * Exclude JSON root from `active_storage/direct_uploads#create` response.
124
+
125
+ *Javan Makhmali*
126
+
127
+
1
128
  ## Rails 5.2.0 (April 09, 2018) ##
2
129
 
3
130
  * Allow full use of the AWS S3 SDK options for authentication. If an