activestorage 5.2.4.2 → 5.2.4.3


Potentially problematic release.


This version of activestorage might be problematic. Click here for more details.

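--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9d43d7faef40ba0e87e10cdd48ee54cf39d9c62c6a9ceb30a9c459aa4a19aff0
- data.tar.gz: 450328e96bc8567dabeec9d2cc21ec51ca11581adfbe799a4ffaa94cc495e1b2
+ metadata.gz: 90cbc7290c32f7705cf84c2e0ec69ad638826950f7617239b7316c42f6707552
+ data.tar.gz: 03d9a5500dc862592cab7e7e0e2748d28de0f21b6f5903c0dc6c85c5a59ae3f1
  SHA512:
- metadata.gz: 20c106e8b8be29d5f6d4fcc8dfab5ea737bce3f57f3d0d6d5392c9ea81115a08970a7ee420ca20a101e5ca93fcbc873526f12e9386e375ca10f7292b06878dd1
- data.tar.gz: dee7d312a1f086a0a1f0da4c669b61c6d04b674cffce6f27e7635a1fbd6feae0ed216317afda89139dbb61865a3bed2bb7a82dd1730b8c2f85ff7a1c46a96a1e
+ metadata.gz: 4209fb9e393c4698fe4154de23864f694503ec795d0d37cef271d99c05452f42e67ecd133532d188841d72b25b0b57b18b0a555bab2df706a3d92b00386c2d6e
+ data.tar.gz: 8e840de9ebd7cda17e0527fc1d4ba41d91ff8a19270d4a6cae38f6976c8646b5d1dc1482e67376ae8fd3dc28531586022276d26a2e4d7d9c874a6852f9a98475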
@@ -1,3 +1,8 @@
1
+ ## Rails 5.2.4.3 (May 18, 2020) ##
2
+
3
+ * [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
4
+
5
+
1
6
  ## Rails 5.2.4.1 (December 18, 2019) ##
2
7
 
3
8
  * No changes.
@@ -10,7 +10,7 @@ module ActiveStorage
10
10
  MAJOR = 5
11
11
  MINOR = 2
12
12
  TINY = 4
13
- PRE = "2"
13
+ PRE = "3"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -79,7 +79,8 @@ module ActiveStorage
79
79
  def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
80
80
  instrument :url, key: key do |payload|
81
81
  generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i,
82
- content_type: content_type, content_length: content_length, content_md5: checksum
82
+ content_type: content_type, content_length: content_length, content_md5: checksum,
83
+ whitelist_headers: ['content-length']
83
84
 
84
85
  payload[:url] = generated_url
85
86
 
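Review bot: The added `whitelist_headers: ['content-length']` argument in url_for_direct_upload is the entire security fix, yet nothing at the call site explains it, so a later cleanup could remove it unnoticed; I would put `# Sign Content-Length so the storage service rejects a body whose size differs from the declared content_length (CVE-2020-8162)` above the `presigned_url` call. No test accompanies the change in this package diff (gems often ship without tests), so it is worth confirming upstream that a regression test asserts `content-length` appears in the generated URL's `X-Amz-SignedHeaders`. Whether every aws-sdk-s3 release the application may have installed accepts this option is not visible here and should be checked against the bundle's lockfile. The method body continues past the end of the hunk.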
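--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activestorage
  version: !ruby/object:Gem::Version
- version: 5.2.4.2
+ version: 5.2.4.3
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-03-19 00:00:00.000000000 Z
+ date: 2020-05-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.2.4.2
+ version: 5.2.4.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.2.4.2
+ version: 5.2.4.3
  - !ruby/object:Gem::Dependency
  name: activerecord
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.2.4.2
+ version: 5.2.4.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.2.4.2
+ version: 5.2.4.3
  - !ruby/object:Gem::Dependency
  name: marcel
  requirement: !ruby/object:Gem::Requirement
@@ -124,8 +124,8 @@ homepage: http://rubyonrails.org
  licenses:
  - MIT
  metadata:
- source_code_uri: https://github.com/rails/rails/tree/v5.2.4.2/activestorage
- changelog_uri: https://github.com/rails/rails/blob/v5.2.4.2/activestorage/CHANGELOG.md
+ source_code_uri: https://github.com/rails/rails/tree/v5.2.4.3/activestorage
+ changelog_uri: https://github.com/rails/rails/blob/v5.2.4.3/activestorage/CHANGELOG.md
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Local and cloud file storage framework.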