activesupport 6.0.3 → 6.0.3.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/active_support/cache/mem_cache_store.rb +2 -12
- data/lib/active_support/cache/redis_cache_store.rb +16 -11
- data/lib/active_support/gem_version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 27ca64902752919c07141c16dfbcdc8778c7ebe2d4ff731d08929496e5c361b6
|
|
4
|
+
data.tar.gz: 61da30389c58c0aada87afefa84c53aa7500cea25e7e275d1722356e88b151f1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8444e314fb626748d3d2350b9d91e634a3ddf1822858aef8c5d7c2eda762c1fb92416dfc5d326c2a112e3ef034be0cb79006d745c2aaae09a214ba02f1a639bc
|
|
7
|
+
data.tar.gz: 7de5b2431cfab0e6bc39fa3ccaa2234c8fb0b495fda4438cc371e0e27308855026894e5b1de400365f394994ac9567bf97efe9a9c3ed48aa1e8c9195d9c7c145
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## Rails 6.0.3.1 (May 18, 2020) ##
|
|
2
|
+
|
|
3
|
+
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
|
|
4
|
+
|
|
5
|
+
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
|
|
6
|
+
|
|
1
7
|
## Rails 6.0.3 (May 06, 2020) ##
|
|
2
8
|
|
|
3
9
|
* `Array#to_sentence` no longer returns a frozen string.
|
|
@@ -7,7 +7,6 @@ rescue LoadError => e
|
|
|
7
7
|
raise e
|
|
8
8
|
end
|
|
9
9
|
|
|
10
|
-
require "active_support/core_ext/marshal"
|
|
11
10
|
require "active_support/core_ext/array/extract_options"
|
|
12
11
|
|
|
13
12
|
module ActiveSupport
|
|
@@ -28,14 +27,6 @@ module ActiveSupport
|
|
|
28
27
|
# Provide support for raw values in the local cache strategy.
|
|
29
28
|
module LocalCacheWithRaw # :nodoc:
|
|
30
29
|
private
|
|
31
|
-
def read_entry(key, **options)
|
|
32
|
-
entry = super
|
|
33
|
-
if options[:raw] && local_cache && entry
|
|
34
|
-
entry = deserialize_entry(entry.value)
|
|
35
|
-
end
|
|
36
|
-
entry
|
|
37
|
-
end
|
|
38
|
-
|
|
39
30
|
def write_entry(key, entry, **options)
|
|
40
31
|
if options[:raw] && local_cache
|
|
41
32
|
raw_entry = Entry.new(entry.value.to_s)
|
|
@@ -194,9 +185,8 @@ module ActiveSupport
|
|
|
194
185
|
key
|
|
195
186
|
end
|
|
196
187
|
|
|
197
|
-
def deserialize_entry(
|
|
198
|
-
if
|
|
199
|
-
entry = Marshal.load(raw_value) rescue raw_value
|
|
188
|
+
def deserialize_entry(entry)
|
|
189
|
+
if entry
|
|
200
190
|
entry.is_a?(Entry) ? entry : Entry.new(entry)
|
|
201
191
|
end
|
|
202
192
|
end
|
|
@@ -74,14 +74,6 @@ module ActiveSupport
|
|
|
74
74
|
# Support raw values in the local cache strategy.
|
|
75
75
|
module LocalCacheWithRaw # :nodoc:
|
|
76
76
|
private
|
|
77
|
-
def read_entry(key, **options)
|
|
78
|
-
entry = super
|
|
79
|
-
if options[:raw] && local_cache && entry
|
|
80
|
-
entry = deserialize_entry(entry.value)
|
|
81
|
-
end
|
|
82
|
-
entry
|
|
83
|
-
end
|
|
84
|
-
|
|
85
77
|
def write_entry(key, entry, **options)
|
|
86
78
|
if options[:raw] && local_cache
|
|
87
79
|
raw_entry = Entry.new(serialize_entry(entry, raw: true))
|
|
@@ -348,7 +340,8 @@ module ActiveSupport
|
|
|
348
340
|
# Read an entry from the cache.
|
|
349
341
|
def read_entry(key, **options)
|
|
350
342
|
failsafe :read_entry do
|
|
351
|
-
|
|
343
|
+
raw = options&.fetch(:raw, false)
|
|
344
|
+
deserialize_entry(redis.with { |c| c.get(key) }, raw: raw)
|
|
352
345
|
end
|
|
353
346
|
end
|
|
354
347
|
|
|
@@ -364,6 +357,7 @@ module ActiveSupport
|
|
|
364
357
|
options = names.extract_options!
|
|
365
358
|
options = merged_options(options)
|
|
366
359
|
return {} if names == []
|
|
360
|
+
raw = options&.fetch(:raw, false)
|
|
367
361
|
|
|
368
362
|
keys = names.map { |name| normalize_key(name, options) }
|
|
369
363
|
|
|
@@ -373,7 +367,7 @@ module ActiveSupport
|
|
|
373
367
|
|
|
374
368
|
names.zip(values).each_with_object({}) do |(name, value), results|
|
|
375
369
|
if value
|
|
376
|
-
entry = deserialize_entry(value)
|
|
370
|
+
entry = deserialize_entry(value, raw: raw)
|
|
377
371
|
unless entry.nil? || entry.expired? || entry.mismatched?(normalize_version(name, options))
|
|
378
372
|
results[name] = entry.value
|
|
379
373
|
end
|
|
@@ -448,9 +442,20 @@ module ActiveSupport
|
|
|
448
442
|
end
|
|
449
443
|
end
|
|
450
444
|
|
|
451
|
-
def deserialize_entry(serialized_entry)
|
|
445
|
+
def deserialize_entry(serialized_entry, raw:)
|
|
452
446
|
if serialized_entry
|
|
453
447
|
entry = Marshal.load(serialized_entry) rescue serialized_entry
|
|
448
|
+
|
|
449
|
+
written_raw = serialized_entry.equal?(entry)
|
|
450
|
+
if raw != written_raw
|
|
451
|
+
ActiveSupport::Deprecation.warn(<<-MSG.squish)
|
|
452
|
+
Using a different value for the raw option when reading and writing
|
|
453
|
+
to a cache key is deprecated for :redis_cache_store and Rails 6.0
|
|
454
|
+
will stop automatically detecting the format when reading to avoid
|
|
455
|
+
marshal loading untrusted raw strings.
|
|
456
|
+
MSG
|
|
457
|
+
end
|
|
458
|
+
|
|
454
459
|
entry.is_a?(Entry) ? entry : Entry.new(entry)
|
|
455
460
|
end
|
|
456
461
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activesupport
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.0.3
|
|
4
|
+
version: 6.0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: i18n
|
|
@@ -359,10 +359,10 @@ licenses:
|
|
|
359
359
|
- MIT
|
|
360
360
|
metadata:
|
|
361
361
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
|
362
|
-
changelog_uri: https://github.com/rails/rails/blob/v6.0.3/activesupport/CHANGELOG.md
|
|
363
|
-
documentation_uri: https://api.rubyonrails.org/v6.0.3/
|
|
362
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md
|
|
363
|
+
documentation_uri: https://api.rubyonrails.org/v6.0.3.1/
|
|
364
364
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
|
365
|
-
source_code_uri: https://github.com/rails/rails/tree/v6.0.3/activesupport
|
|
365
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.0.3.1/activesupport
|
|
366
366
|
post_install_message:
|
|
367
367
|
rdoc_options:
|
|
368
368
|
- "--encoding"
|