activesupport 6.1.7.4 → 6.1.7.5

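--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4c02edb464fd7298d03b7f713edbd402bb60fb2c1af8e31313123a1f53281b12
- data.tar.gz: 05e7df7c00901311db3e93187606c0a289fdc06bdd1dd2cab677e0a89ab8277b
+ metadata.gz: b56b4918f12cca3fb75097f3b3fbd61e3e9f2ab8b4decc69c33a98ffca556b1b
+ data.tar.gz: 8c063b8ab0508738f3cccd883ccb3dc54459232aeff10ebc037ef34e424c6957
  SHA512:
- metadata.gz: 84e1bb889b69a6e167174865b1b59f46564bf16894c688f411efcbcafbd7cc0e9d579e78d5371bd014fd5af4cf26dd307ae3044b4a03a4209681d08901ce51e0
- data.tar.gz: fb9fd3de9aea9a3c2f2b96685ca432a5275a7b3a5bdb7915854983e3766b7300358f77bd6db07dd045a4b3df1d20383723e4ce30dbc1048656ec8dbe7389dde2
+ metadata.gz: 863d31ccc7d7a0ec8910363869b433491768b213c80d15b58a98e68295c8b51c98837efa13533bc75c552fa4a85d7c9e375f6220f813f1d0162fc4322671f999
+ data.tar.gz: fedfac33f0f6e5a6256dfe188c1a57eb90dd6e7c1a4516ffebf91b947a918c1f338ca235da7adce9895baadb005d2b8247504cf4ac315e5ff94654b251aac823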
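--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ ## Rails 6.1.7.5 (August 22, 2023) ##
+
+ * Use a temporary file for storing unencrypted files while editing
+
+ [CVE-2023-38037]
+
+
  ## Rails 6.1.7.4 (June 26, 2023) ##
 
  * No changes.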
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "pathname"
4
- require "tmpdir"
4
+ require "tempfile"
5
5
  require "active_support/message_encryptor"
6
6
 
7
7
  module ActiveSupport
@@ -69,17 +69,16 @@ module ActiveSupport
69
69
 
70
70
  private
71
71
  def writing(contents)
72
- tmp_file = "#{Process.pid}.#{content_path.basename.to_s.chomp('.enc')}"
73
- tmp_path = Pathname.new File.join(Dir.tmpdir, tmp_file)
74
- tmp_path.binwrite contents
72
+ Tempfile.create(["", "-" + content_path.basename.to_s.chomp(".enc")]) do |tmp_file|
73
+ tmp_path = Pathname.new(tmp_file)
74
+ tmp_path.binwrite contents
75
75
 
76
- yield tmp_path
76
+ yield tmp_path
77
77
 
78
- updated_contents = tmp_path.binread
78
+ updated_contents = tmp_path.binread
79
79
 
80
- write(updated_contents) if updated_contents != contents
81
- ensure
82
- FileUtils.rm(tmp_path) if tmp_path&.exist?
80
+ write(updated_contents) if updated_contents != contents
81
+ end
83
82
  end
84
83
 
85
84
 
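Review bot: In `writing`, the plaintext is written with `tmp_path.binwrite contents`, which reopens the file by name instead of using the handle `tmp_file` that `Tempfile.create` has just opened; writing through the handle (`tmp_file.binmode`, `tmp_file.write(contents)`, `tmp_file.flush`) keeps the secret on the descriptor that was created exclusively with owner-only permissions. The later `tmp_path.binread` should stay path-based, since an editor may replace the file rather than rewrite it in place. A short comment above the `Tempfile.create` call would also help, for example `# Tempfile.create gives an unpredictable name and 0600 mode; do not build the path by hand (CVE-2023-38037)`, so that a later refactor does not bring back the predictable `Dir.tmpdir` path. The block form only unlinks the file on exit, so the plaintext presumably stays on disk if the process is killed while the editor is open; that limitation is worth stating in the same comment.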
@@ -10,7 +10,7 @@ module ActiveSupport
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
12
  TINY = 7
13
- PRE = "4"
13
+ PRE = "5"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
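--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activesupport
  version: !ruby/object:Gem::Version
- version: 6.1.7.4
+ version: 6.1.7.5
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-06-26 00:00:00.000000000 Z
+ date: 2023-08-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: i18n
@@ -357,10 +357,10 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v6.1.7.4/activesupport/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v6.1.7.4/
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.7.5/activesupport/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v6.1.7.5/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v6.1.7.4/activesupport
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.7.5/activesupport
  rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: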