activestorage 7.2.2.2 → 7.2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95b4c7b82cf963f9b1d16f4646ad4538829af0a213797ac35621e7a4b6e13609
-  data.tar.gz: dab322a2424c0c8f7fc30af73b7453d1ab36060a2f905eb31f4d21cfc7847d6a
+  metadata.gz: 07e918ed2ad2733425a8c83bcd4a17b0de42f1b4e4692f0ac60f37886a2b1982
+  data.tar.gz: 8ec0faa694ef8191678280d2f5ed44b8a3d623788e2239013a43a33c25e0f754
 SHA512:
-  metadata.gz: 1a3ff3b23455a2e472fc46dab1a947dab49032917c59a1844fee4d694445366df9ef2b99085de5d10c6107f0f1085179a303da233d6f953c9a37ddbdba70e5cc
-  data.tar.gz: a6601fbc244adaf30ba1dac98f3062700195bfa5f728b9425976d2f14c89f6ee27223d25b00c1f7573022677e558f45a06487efba20fda259fb9006014af7a68
+  metadata.gz: 71e330a9f27d46bdd58c56f7bf4ead818b549c899e5aca043f895b4377b0478b25499c05ec39392e4fcbf5c3eaa8e85f5ada5000d3f2c01ae84badeed4591326
+  data.tar.gz: bb8ce35c75e8a43bdc135ddac20b94928bdbc1365b3351e7570f72c566001906506ecd32a98cde9fd3e47a1b8726058d235ce413afeac31a6d874ff9687d8096

data/CHANGELOG.md

@@ -1,11 +1,82 @@
+## Rails 7.2.3.1 (March 23, 2026) ##
+
+*   Filter user supplied metadata in DirectUploadController
+
+    [CVE-2026-33173]
+
+    *Jean Boussier*
+
+*   Configurable maxmimum streaming chunk size
+
+    Makes sure that byte ranges for blobs don't exceed 100mb by default.
+    Content ranges that are too big can result in denial of service.
+
+    [CVE-2026-33174]
+
+    *Gannon McGibbon*
+
+*   Limit range requests to a single range
+
+    [CVE-2026-33658]
+
+    *Jean Boussier*
+
+*   Prevent path traversal in `DiskService`.
+
+    `DiskService#path_for` now raises an `InvalidKeyError` when passed keys with dot segments (".",
+    ".."), or if the resolved path is outside the storage root directory.
+
+    `#path_for` also now consistently raises `InvalidKeyError` if the key is invalid in any way, for
+    example containing null bytes or having an incompatible encoding. Previously, the exception
+    raised may have been `ArgumentError` or `Encoding::CompatibilityError`.
+
+    `DiskController` now explicitly rescues `InvalidKeyError` with appropriate HTTP status codes.
+
+    [CVE-2026-33195]
+
+    *Mike Dalessio*
+
+*   Prevent glob injection in `DiskService#delete_prefixed`.
+
+    Escape glob metacharacters in the resolved path before passing to `Dir.glob`.
+
+    Note that this change breaks any existing code that is relying on `delete_prefixed` to expand
+    glob metacharacters. This change presumes that is unintended behavior (as other storage services
+    do not respect these metacharacters).
+
+    [CVE-2026-33202]
+
+    *Mike Dalessio*
+
+
+## Rails 7.2.3 (October 28, 2025) ##
+
+*   Fix `config.active_storage.touch_attachment_records` to work with eager loading.
+
+    *fatkodima*
+
+*   A Blob will no longer autosave associated Attachment.
+
+    This fixes an issue where a record with an attachment would have
+    its dirty attributes reset, preventing your `after commit` callbacks
+    on that record to behave as expected.
+
+    Note that this change doesn't require any changes on your application
+    and is supposed to be internal. Active Storage Attachment will continue
+    to be autosaved (through a different relation).
+
+    *Edouard-chin*
+
+
 ## Rails 7.2.2.2 (August 13, 2025) ##
 
-    Remove dangerous transformations
+*   Remove dangerous transformations
 
     [CVE-2025-24293]
 
     *Zack Deveau*
 
+
 ## Rails 7.2.2.1 (December 10, 2024) ##
 
 *   No changes.

data/README.md

@@ -203,6 +203,6 @@ Bug reports for the Ruby on \Rails project can be filed here:
 
 * https://github.com/rails/rails/issues
 
-Feature requests should be discussed on the rails-core mailing list here:
+Feature requests should be discussed on the rubyonrails-core forum here:
 
 * https://discuss.rubyonrails.org/c/rubyonrails-core

data/app/controllers/active_storage/disk_controller.rb

@@ -17,6 +17,8 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     end
   rescue Errno::ENOENT
     head :not_found
+  rescue ActiveStorage::InvalidKeyError
+    head :not_found
   end
 
   def update
@@ -25,13 +27,15 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
         named_disk_service(token[:service_name]).upload token[:key], request.body, checksum: token[:checksum]
         head :no_content
       else
-        head :unprocessable_entity
+        head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
       end
     else
       head :not_found
     end
   rescue ActiveStorage::IntegrityError
-    head :unprocessable_entity
+    head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
+  rescue ActiveStorage::InvalidKeyError
+    head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
   end
 
   private

data/app/controllers/concerns/active_storage/streaming.rb

@@ -14,7 +14,8 @@ module ActiveStorage::Streaming
     def send_blob_byte_range_data(blob, range_header, disposition: nil)
       ranges = Rack::Utils.get_byte_ranges(range_header, blob.byte_size)
 
-      return head(:range_not_satisfiable) if ranges.blank? || ranges.all?(&:blank?)
+      return head(:range_not_satisfiable) unless ranges_valid?(ranges)
+      return head(:range_not_satisfiable) if ranges.length > ActiveStorage.streaming_max_ranges
 
       if ranges.length == 1
         range = ranges.first
@@ -51,6 +52,12 @@ module ActiveStorage::Streaming
       )
     end
 
+    def ranges_valid?(ranges)
+      return false if ranges.blank? || ranges.all?(&:blank?)
+
+      ranges.sum { |range| range.end - range.begin } < ActiveStorage.streaming_chunk_max_size
+    end
+
     # Stream the blob from storage directly to the response. The disposition can be controlled by setting +disposition+.
     # The content type and filename is set directly from the +blob+.
     def send_blob_stream(blob, disposition: nil) # :doc:

data/app/models/active_storage/blob/representable.rb

@@ -31,6 +31,72 @@ module ActiveStorage::Blob::Representable
   # Raises ActiveStorage::InvariableError if the variant processor cannot
   # transform the blob. To determine whether a blob is variable, call
   # ActiveStorage::Blob#variable?.
+  #
+  # ==== Options
+  #
+  # Options are defined by the {image_processing gem}[https://github.com/janko/image_processing],
+  # and depend on which variant processor you are using:
+  # {Vips}[https://github.com/janko/image_processing/blob/master/doc/vips.md] or
+  # {MiniMagick}[https://github.com/janko/image_processing/blob/master/doc/minimagick.md].
+  # However, both variant processors support the following options:
+  #
+  # [+:resize_to_limit+]
+  #   Downsizes the image to fit within the specified dimensions while retaining
+  #   the original aspect ratio. Will only resize the image if it's larger than
+  #   the specified dimensions.
+  #
+  #       user.avatar.variant(resize_to_limit: [100, 100])
+  #
+  # [+:resize_to_fit+]
+  #   Resizes the image to fit within the specified dimensions while retaining
+  #   the original aspect ratio. Will downsize the image if it's larger than the
+  #   specified dimensions or upsize if it's smaller.
+  #
+  #       user.avatar.variant(resize_to_fit: [100, 100])
+  #
+  # [+:resize_to_fill+]
+  #   Resizes the image to fill the specified dimensions while retaining the
+  #   original aspect ratio. If necessary, will crop the image in the larger
+  #   dimension.
+  #
+  #       user.avatar.variant(resize_to_fill: [100, 100])
+  #
+  # [+:resize_and_pad+]
+  #   Resizes the image to fit within the specified dimensions while retaining
+  #   the original aspect ratio. If necessary, will pad the remaining area with
+  #   transparent color if source image has alpha channel, black otherwise.
+  #
+  #       user.avatar.variant(resize_and_pad: [100, 100])
+  #
+  # [+:crop+]
+  #   Extracts an area from an image. The first two arguments are the left and
+  #   top edges of area to extract, while the last two arguments are the width
+  #   and height of the area to extract.
+  #
+  #       user.avatar.variant(crop: [20, 50, 300, 300])
+  #
+  # [+:rotate+]
+  #   Rotates the image by the specified angle.
+  #
+  #       user.avatar.variant(rotate: 90)
+  #
+  # Some options, including those listed above, can accept additional
+  # processor-specific values which can be passed as a trailing hash:
+  #
+  #     <!-- Vips supports configuring `crop` for many of its transformations -->
+  #     <%= image_tag user.avatar.variant(resize_to_fill: [100, 100, { crop: :centre }]) %>
+  #
+  # If migrating an existing application between MiniMagick and Vips, you will
+  # need to update processor-specific options:
+  #
+  #     <!-- MiniMagick -->
+  #     <%= image_tag user.avatar.variant(resize_to_limit: [100, 100], format: :jpeg,
+  #           sampling_factor: "4:2:0", strip: true, interlace: "JPEG", colorspace: "sRGB", quality: 80) %>
+  #
+  #     <!-- Vips -->
+  #     <%= image_tag user.avatar.variant(resize_to_limit: [100, 100], format: :jpeg,
+  #           saver: { subsample_mode: "on", strip: true, interlace: true, quality: 80 }) %>
+  #
   def variant(transformations)
     if variable?
       variant_class.new(self, ActiveStorage::Variation.wrap(transformations).default_to(default_variant_transformations))

data/app/models/active_storage/blob.rb

@@ -16,10 +16,18 @@
 # Blobs are intended to be immutable in as-so-far as their reference to a specific file goes. You're allowed to
 # update a blob's metadata on a subsequent pass, but you should not update the key or change the uploaded file.
 # If you need to create a derivative or otherwise change the blob, simply create a new blob and purge the old one.
+#
+# When using a custom +key+, the value is treated as trusted. Using untrusted user input
+# as the key may result in unexpected behavior.
 class ActiveStorage::Blob < ActiveStorage::Record
   MINIMUM_TOKEN_LENGTH = 28
 
   has_secure_token :key, length: MINIMUM_TOKEN_LENGTH
+
+  # FIXME: these property should never have been stored in the metadata.
+  # The blob table should be migrated to have dedicated columns for theses.
+  PROTECTED_METADATA = %w(analyzed identified composed)
+  private_constant :PROTECTED_METADATA
   store :metadata, accessors: [ :analyzed, :identified, :composed ], coder: ActiveRecord::Coders::JSON
 
   class_attribute :services, default: {}
@@ -29,7 +37,7 @@ class ActiveStorage::Blob < ActiveStorage::Record
   # :method:
   #
   # Returns the associated ActiveStorage::Attachment instances.
-  has_many :attachments
+  has_many :attachments, autosave: false
 
   ##
   # :singleton-method:
@@ -93,6 +101,9 @@ class ActiveStorage::Blob < ActiveStorage::Record
     # be saved before the upload begins to prevent the upload clobbering another due to key collisions.
     # When providing a content type, pass <tt>identify: false</tt> to bypass
     # automatic content type inference.
+    #
+    # The optional +key+ parameter is treated as trusted. Using untrusted user input
+    # as the key may result in unexpected behavior.
     def create_and_upload!(key: nil, io:, filename:, content_type: nil, metadata: nil, service_name: nil, identify: true, record: nil)
       create_after_unfurling!(key: key, io: io, filename: filename, content_type: content_type, metadata: metadata, service_name: service_name, identify: identify).tap do |blob|
         blob.upload_without_unfurling(io)
@@ -105,6 +116,7 @@ class ActiveStorage::Blob < ActiveStorage::Record
     # Once the form using the direct upload is submitted, the blob can be associated with the right record using
     # the signed ID.
     def create_before_direct_upload!(key: nil, filename:, byte_size:, checksum:, content_type: nil, metadata: nil, service_name: nil, record: nil)
+      metadata = filter_metadata(metadata)
       create! key: key, filename: filename, byte_size: byte_size, checksum: checksum, content_type: content_type, metadata: metadata, service_name: service_name
     end
 
@@ -153,21 +165,14 @@ class ActiveStorage::Blob < ActiveStorage::Record
       end
     end
 
-    def validate_service_configuration(service_name, model_class, association_name) # :nodoc:
-      if service_name
-        services.fetch(service_name) do
-          raise ArgumentError, "Cannot configure service #{service_name.inspect} for #{model_class}##{association_name}"
+    private
+      def filter_metadata(metadata)
+        if metadata.is_a?(Hash)
+          metadata.without(*PROTECTED_METADATA)
+        else
+          metadata
         end
-      else
-        validate_global_service_configuration
       end
-    end
-
-    def validate_global_service_configuration # :nodoc:
-      if connected? && table_exists? && Rails.configuration.active_storage.service.nil?
-        raise RuntimeError, "Missing Active Storage service name. Specify Active Storage service name for config.active_storage.service in config/environments/#{Rails.env}.rb"
-      end
-    end
   end
 
   include Analyzable

data/lib/active_storage/attached/changes/create_one.rb

@@ -121,7 +121,7 @@ module ActiveStorage
         service_name = record.attachment_reflections[name].options[:service_name]
         if service_name.is_a?(Proc)
           service_name = service_name.call(record)
-          ActiveStorage::Blob.validate_service_configuration(service_name, record.class, name)
+          Attached::Model.validate_service_configuration(service_name, record.class, name)
         end
         service_name
       end

data/lib/active_storage/attached/model.rb

@@ -104,7 +104,7 @@ module ActiveStorage
       # <tt>active_storage_attachments.record_type</tt> polymorphic type column of
       # the corresponding rows.
       def has_one_attached(name, dependent: :purge_later, service: nil, strict_loading: false)
-        ActiveStorage::Blob.validate_service_configuration(service, self, name) unless service.is_a?(Proc)
+        Attached::Model.validate_service_configuration(service, self, name) unless service.is_a?(Proc)
 
         generated_association_methods.class_eval <<-CODE, __FILE__, __LINE__ + 1
           # frozen_string_literal: true
@@ -204,7 +204,7 @@ module ActiveStorage
       # <tt>active_storage_attachments.record_type</tt> polymorphic type column of
       # the corresponding rows.
       def has_many_attached(name, dependent: :purge_later, service: nil, strict_loading: false)
-        ActiveStorage::Blob.validate_service_configuration(service, self, name) unless service.is_a?(Proc)
+        Attached::Model.validate_service_configuration(service, self, name) unless service.is_a?(Proc)
 
         generated_association_methods.class_eval <<-CODE, __FILE__, __LINE__ + 1
           # frozen_string_literal: true
@@ -255,6 +255,25 @@ module ActiveStorage
       end
     end
 
+    class << self
+      def validate_service_configuration(service_name, model_class, association_name) # :nodoc:
+        if service_name
+          ActiveStorage::Blob.services.fetch(service_name) do
+            raise ArgumentError, "Cannot configure service #{service_name.inspect} for #{model_class}##{association_name}"
+          end
+        else
+          validate_global_service_configuration(model_class)
+        end
+      end
+
+      private
+        def validate_global_service_configuration(model_class)
+          if model_class.connected? && ActiveStorage::Blob.table_exists? && Rails.configuration.active_storage.service.nil?
+            raise RuntimeError, "Missing Active Storage service name. Specify Active Storage service name for config.active_storage.service in config/environments/#{Rails.env}.rb"
+          end
+        end
+    end
+
     def attachment_changes # :nodoc:
       @attachment_changes ||= {}
     end

data/lib/active_storage/engine.rb

@@ -84,6 +84,10 @@ module ActiveStorage
     end
 
     initializer "active_storage.configs" do
+      config.before_initialize do |app|
+        ActiveStorage.touch_attachment_records = app.config.active_storage.touch_attachment_records != false
+      end
+
       config.after_initialize do |app|
         ActiveStorage.logger            = app.config.active_storage.logger || Rails.logger
         ActiveStorage.variant_processor = app.config.active_storage.variant_processor || :mini_magick
@@ -112,13 +116,13 @@ module ActiveStorage
         ActiveStorage.variable_content_types = app.config.active_storage.variable_content_types || []
         ActiveStorage.web_image_content_types = app.config.active_storage.web_image_content_types || []
         ActiveStorage.content_types_to_serve_as_binary = app.config.active_storage.content_types_to_serve_as_binary || []
-        ActiveStorage.touch_attachment_records = app.config.active_storage.touch_attachment_records != false
         ActiveStorage.service_urls_expire_in = app.config.active_storage.service_urls_expire_in || 5.minutes
         ActiveStorage.urls_expire_in = app.config.active_storage.urls_expire_in
         ActiveStorage.content_types_allowed_inline = app.config.active_storage.content_types_allowed_inline || []
         ActiveStorage.binary_content_type = app.config.active_storage.binary_content_type || "application/octet-stream"
         ActiveStorage.video_preview_arguments = app.config.active_storage.video_preview_arguments || "-y -vframes 1 -f image2"
         ActiveStorage.track_variants = app.config.active_storage.track_variants || false
+        ActiveStorage.streaming_chunk_max_size = app.config.active_storage.streaming_chunk_max_size || 100.megabytes
       end
     end
 

data/lib/active_storage/errors.rb

@@ -26,4 +26,8 @@ module ActiveStorage
 
   # Raised when a Previewer is unable to generate a preview image.
   class PreviewError < Error; end
+
+  # Raised when a storage key resolves to a path outside the service's root
+  # directory, indicating a potential path traversal attack.
+  class InvalidKeyError < Error; end
 end

data/lib/active_storage/fixture_set.rb

@@ -50,7 +50,7 @@ module ActiveStorage
     # by ActiveSupport::Testing::FileFixtures.file_fixture, and upload
     # the file to the Service
     #
-    # === Examples
+    # ==== Examples
     #
     #   # tests/fixtures/active_storage/blobs.yml
     #   second_thumbnail_blob: <%= ActiveStorage::FixtureSet.blob(

data/lib/active_storage/gem_version.rb

@@ -9,8 +9,8 @@ module ActiveStorage
   module VERSION
     MAJOR = 7
     MINOR = 2
-    TINY  = 2
-    PRE   = "2"
+    TINY  = 3
+    PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_storage/service/disk_service.rb

@@ -60,7 +60,16 @@ module ActiveStorage
 
     def delete_prefixed(prefix)
       instrument :delete_prefixed, prefix: prefix do
-        Dir.glob(path_for("#{prefix}*")).each do |path|
+        prefix_path = path_for(prefix)
+
+        # File.expand_path (called within path_for) strips trailing slashes.
+        # Restore trailing separator if the original prefix had one, so that
+        # the glob "prefix/*" matches files inside the directory, not siblings
+        # whose names start with the prefix string.
+        prefix_path += "/" if prefix.end_with?("/")
+
+        escaped = escape_glob_metacharacters(prefix_path)
+        Dir.glob("#{escaped}*").each do |path|
           FileUtils.rm_rf(path)
         end
       end
@@ -98,8 +107,39 @@ module ActiveStorage
       { "Content-Type" => content_type }
     end
 
+    # Every filesystem operation in DiskService resolves paths through this method (or through
+    # make_path_for, which delegates here). This is the primary filesystem security check: all
+    # path-traversal protection is enforced here. New methods that touch the filesystem MUST use
+    # path_for or make_path_for -- never construct paths from +root+ directly.
     def path_for(key) # :nodoc:
-      File.join root, folder_for(key), key
+      if key.blank?
+        raise ActiveStorage::InvalidKeyError, "key is blank"
+      end
+
+      # Reject keys with dot segments as defense in depth. This prevents path traversal both outside
+      # and within the storage root. The root containment check below is a more fundamental check on
+      # path traversal outside of the disk service root.
+      begin
+        if key.split("/").intersect?(%w[. ..])
+          raise ActiveStorage::InvalidKeyError, "key has path traversal segments"
+        end
+      rescue Encoding::CompatibilityError
+        raise ActiveStorage::InvalidKeyError, "key has incompatible encoding"
+      end
+
+      begin
+        path = File.expand_path(File.join(root, folder_for(key), key))
+      rescue ArgumentError
+        # ArgumentError catches null bytes
+        raise ActiveStorage::InvalidKeyError, "key is an invalid string"
+      end
+
+      # The resolved path must be inside the root directory.
+      unless path.start_with?(File.expand_path(root) + "/")
+        raise ActiveStorage::InvalidKeyError, "key is outside of disk service root"
+      end
+
+      path
     end
 
     def compose(source_keys, destination_key, **)
@@ -156,6 +196,10 @@ module ActiveStorage
         [ key[0..1], key[2..3] ].join("/")
       end
 
+      def escape_glob_metacharacters(path)
+        path.gsub(/[\[\]*?{}\\]/) { |c| "\\#{c}" }
+      end
+
       def make_path_for(key)
         path_for(key).tap { |path| FileUtils.mkdir_p File.dirname(path) }
       end

data/lib/active_storage/service/s3_service.rb

@@ -16,6 +16,7 @@ module ActiveStorage
 
     def initialize(bucket:, upload: {}, public: false, **options)
       @client = Aws::S3::Resource.new(**options)
+      @transfer_manager = Aws::S3::TransferManager.new(client: @client.client) if defined?(Aws::S3::TransferManager)
       @bucket = @client.bucket(bucket)
 
       @multipart_upload_threshold = upload.delete(:multipart_threshold) || 100.megabytes
@@ -100,7 +101,8 @@ module ActiveStorage
     def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
       content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
 
-      object_for(destination_key).upload_stream(
+      upload_stream(
+        key: destination_key,
         content_type: content_type,
         content_disposition: content_disposition,
         part_size: MINIMUM_UPLOAD_PART_SIZE,
@@ -116,6 +118,14 @@ module ActiveStorage
     end
 
     private
+      def upload_stream(key:, **options, &block)
+        if @transfer_manager
+          @transfer_manager.upload_stream(key: key, bucket: bucket.name, **options, &block)
+        else
+          object_for(key).upload_stream(**options, &block)
+        end
+      end
+
       def private_url(key, expires_in:, filename:, disposition:, content_type:, **client_opts)
         object_for(key).presigned_url :get, expires_in: expires_in.to_i,
           response_content_disposition: content_disposition_with(type: disposition, filename: filename),
@@ -126,7 +136,6 @@ module ActiveStorage
         object_for(key).public_url(**client_opts)
       end
 
-
       MAXIMUM_UPLOAD_PARTS_COUNT = 10000
       MINIMUM_UPLOAD_PART_SIZE   = 5.megabytes
 
@@ -139,12 +148,18 @@ module ActiveStorage
       def upload_with_multipart(key, io, content_type: nil, content_disposition: nil, custom_metadata: {})
         part_size = [ io.size.fdiv(MAXIMUM_UPLOAD_PARTS_COUNT).ceil, MINIMUM_UPLOAD_PART_SIZE ].max
 
-        object_for(key).upload_stream(content_type: content_type, content_disposition: content_disposition, part_size: part_size, metadata: custom_metadata, **upload_options) do |out|
+        upload_stream(
+          key: key,
+          content_type: content_type,
+          content_disposition: content_disposition,
+          part_size: part_size,
+          metadata: custom_metadata,
+          **upload_options
+        ) do |out|
           IO.copy_stream(io, out)
         end
       end
 
-
       def object_for(key)
         bucket.object(key)
       end

data/lib/active_storage.rb

@@ -27,6 +27,7 @@ require "active_record"
 require "active_support"
 require "active_support/rails"
 require "active_support/core_ext/numeric/time"
+require "active_support/core_ext/numeric/bytes"
 
 require "active_storage/version"
 require "active_storage/deprecator"
@@ -350,6 +351,7 @@ module ActiveStorage
   ]
   mattr_accessor :unsupported_image_processing_arguments
 
+  mattr_accessor :streaming_chunk_max_size, default: 100.megabytes
   mattr_accessor :service_urls_expire_in, default: 5.minutes
   mattr_accessor :touch_attachment_records, default: true
   mattr_accessor :urls_expire_in
@@ -360,6 +362,18 @@ module ActiveStorage
 
   mattr_accessor :track_variants, default: false
 
+  singleton_class.attr_accessor :checksum_implementation
+  @checksum_implementation = OpenSSL::Digest::MD5
+  begin
+    @checksum_implementation.hexdigest("test")
+  rescue # OpenSSL may have MD5 disabled
+    require "digest/md5"
+    @checksum_implementation = Digest::MD5
+  end
+
+  singleton_class.attr_accessor :streaming_max_ranges
+  @streaming_max_ranges = 1
+
   mattr_accessor :video_preview_arguments, default: "-y -vframes 1 -f image2"
 
   module Transformers

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activestorage
 version: !ruby/object:Gem::Version
-  version: 7.2.2.2
+  version: 7.2.3.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -15,56 +15,56 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3.1
 - !ruby/object:Gem::Dependency
   name: marcel
   requirement: !ruby/object:Gem::Requirement
@@ -189,10 +189,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.2.2.2/activestorage/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.2.2.2/
+  changelog_uri: https://github.com/rails/rails/blob/v7.2.3.1/activestorage/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.2.3.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.2.2.2/activestorage
+  source_code_uri: https://github.com/rails/rails/tree/v7.2.3.1/activestorage
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -208,7 +208,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Local and cloud file storage framework.
 test_files: []