activesupport 4.1.10 → 4.1.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8cd5347c2e682b4bcd66473c342e0f234ef4a5f0
-  data.tar.gz: 577d91d0b06406c1d600047122ff8fe025637424
+  metadata.gz: 54422272f221596ea76d050a34d6b83f1f1ae6c9
+  data.tar.gz: a05f3b1deef3c7cd943ec76a3e5a66b0987b5b93
 SHA512:
-  metadata.gz: 7177fefc4d6fd0d1c013810fe5526e15e344cefad3a8a78ad0742a54d4d7056b0a5973db791ba6f88d14ed996ec4aad1aa505123d2cd8f930cc6a0318c647cc8
-  data.tar.gz: 2d06a5def260cc8de1ca5dc01abf3590851bb892a47b8fbba9ac8cde32a8e106620280e8523bd6a2e781a09523fbf71349ffc0218aa4be132d43b93e1d712e36
+  metadata.gz: 0c2db7529fd5bc8dc419715c51b865b637e650d76802b40087127893bd3b37defe381608442a7f539dd4a06293cf852b28635b8bac87afbc01aff4ddd6bebf85
+  data.tar.gz: 99497a90dae4da6b174fe25984d1bc362b410b1a5025421774f51c4fcd1162453fd2d58a6a8dd881bd342c576a068618f0c63f14d137d5346fab49424f89c5f5

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## Rails 4.1.11 (June 16, 2015) ##
+
+*   Fix XSS vulnerability in `ActiveSupport::JSON.encode` method.
+
+    CVE-2015-3226.
+
+    *Rafael Mendonça França*
+
+*   Fix denial of service vulnerability in the XML processing.
+
+    CVE-2015-3227.
+
+    *Aaron Patterson*
+
+
 ## Rails 4.1.10 (March 19, 2015) ##
 
 *   Fixed a roundtrip problem with AS::SafeBuffer where primitive-like strings

data/lib/active_support/gem_version.rb

@@ -7,7 +7,7 @@ module ActiveSupport
   module VERSION
     MAJOR = 4
     MINOR = 1
-    TINY  = 10
+    TINY  = 11
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/active_support/json/encoding.rb

@@ -58,6 +58,10 @@ module ActiveSupport
                 super.gsub ESCAPE_REGEX_WITHOUT_HTML_ENTITIES, ESCAPED_CHARS
               end
             end
+
+            def to_s
+              self
+            end
           end
 
           # Mark these as private so we don't leak encoding-specific constructs

data/lib/active_support/xml_mini.rb

@@ -78,6 +78,9 @@ module ActiveSupport
       )
     end
 
+    attr_accessor :depth
+    self.depth = 100
+
     delegate :parse, :to => :backend
 
     def backend

data/lib/active_support/xml_mini/jdom.rb

@@ -46,7 +46,7 @@ module ActiveSupport
         xml_string_reader = StringReader.new(data)
         xml_input_source = InputSource.new(xml_string_reader)
         doc = @dbf.new_document_builder.parse(xml_input_source)
-        merge_element!({CONTENT_KEY => ''}, doc.document_element)
+        merge_element!({CONTENT_KEY => ''}, doc.document_element, XmlMini.depth)
       end
     end
 
@@ -58,9 +58,10 @@ module ActiveSupport
     #   Hash to merge the converted element into.
     # element::
     #   XML element to merge into hash
-    def merge_element!(hash, element)
+    def merge_element!(hash, element, depth)
+      raise 'Document too deep!' if depth == 0
       delete_empty(hash)
-      merge!(hash, element.tag_name, collapse(element))
+      merge!(hash, element.tag_name, collapse(element, depth))
     end
 
     def delete_empty(hash)
@@ -71,14 +72,14 @@ module ActiveSupport
     #
     # element::
     #   The document element to be collapsed.
-    def collapse(element)
+    def collapse(element, depth)
       hash = get_attributes(element)
 
       child_nodes = element.child_nodes
       if child_nodes.length > 0
         (0...child_nodes.length).each do |i|
           child = child_nodes.item(i)
-          merge_element!(hash, child) unless child.node_type == Node.TEXT_NODE
+          merge_element!(hash, child, depth - 1) unless child.node_type == Node.TEXT_NODE
         end
         merge_texts!(hash, element) unless empty_content?(element)
         hash

data/lib/active_support/xml_mini/rexml.rb

@@ -29,7 +29,7 @@ module ActiveSupport
         doc = REXML::Document.new(data)
 
         if doc.root
-          merge_element!({}, doc.root)
+          merge_element!({}, doc.root, XmlMini.depth)
         else
           raise REXML::ParseException,
             "The document #{doc.to_s.inspect} does not have a valid root"
@@ -44,19 +44,20 @@ module ActiveSupport
       #   Hash to merge the converted element into.
       # element::
       #   XML element to merge into hash
-      def merge_element!(hash, element)
-        merge!(hash, element.name, collapse(element))
+      def merge_element!(hash, element, depth)
+        raise REXML::ParseException, "The document is too deep" if depth == 0
+        merge!(hash, element.name, collapse(element, depth))
       end
 
       # Actually converts an XML document element into a data structure.
       #
       # element::
       #   The document element to be collapsed.
-      def collapse(element)
+      def collapse(element, depth)
         hash = get_attributes(element)
 
         if element.has_elements?
-          element.each_element {|child| merge_element!(hash, child) }
+          element.each_element {|child| merge_element!(hash, child, depth - 1) }
           merge_texts!(hash, element) unless empty_content?(element)
           hash
         else

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 4.1.10
+  version: 4.1.11
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-19 00:00:00.000000000 Z
+date: 2015-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n