double_entry 2.0.1 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94cf9e4e7931a05b37250722ced311b4cf272bd96a716f36ebec81eaccf1d8fb
-  data.tar.gz: d55cd976db1dd8c2ccc93658664701a9d6743ff83606c6ece1eaaf3c08d3a9b8
+  metadata.gz: 4ad1dc8c5b4f20bfd02e9d7b99fe7054f78bc64fb6f5f654359fba5b77fffb01
+  data.tar.gz: 8e76cac38eadd04346fa565084521aa407f172d8a47aaf2f1b6c3e8e62b3c9ff
 SHA512:
-  metadata.gz: 5383c40fc2354d1699c63770b2a4b74a664daa9f84645b4497a2c66aa9410de7405dddd51a7c30ccdc8052a035cee346efa63dae9d72ad8269f3126f56a3a81f
-  data.tar.gz: 22d01c13479911a6c6d57e3ba65952ef0b5693508136e7e6147eda6b1a90332f5d3a32f7247e6d3b53043427b7c47b94e71bc8f1b963f465bf0566c022af7a69
+  metadata.gz: 4e874c2bb7a8b0c648dee94a972cbd1586ae8f61363496a720d14fe57065c9fb150f09075914a2bf4c93d4a3472a8315886ad158eb9369a2c9ef6d0176224280
+  data.tar.gz: e2bb413346897ea8c0056eabcd98a2553c45c353d90385f1919691bc9a48379b4fe673012c109778e23c402b611df369e9d4f7465c1ec20f888ca4dbf7c041cd

data/CHANGELOG.md

@@ -7,7 +7,23 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/envato/double_entry/compare/v2.0.1...HEAD
+[Unreleased]: https://github.com/envato/double_entry/compare/v2.0.2...HEAD
+
+## [2.0.2] - 2026-01-05
+
+### Fixed
+
+- Fix critical thread-safety issues in locking mechanism by replacing object_id-based
+  lock storage with proper thread-local storage. This resolves object ID reuse
+  vulnerabilities, race conditions, and memory leaks ([#226]).
+
+### Changed
+
+- Run the test suite against Rails 8.1, 8.0, 7.2, and Ruby 4.0, 3.4, 3.3, 3.2 ([#225]).
+
+[2.0.2]: https://github.com/envato/double_entry/compare/v2.0.1...v2.0.2
+[#225]: https://github.com/envato/double_entry/pull/225
+[#226]: https://github.com/envato/double_entry/pull/226
 
 ## [2.0.1] - 2023-11-01
 

data/README.md

@@ -22,15 +22,15 @@ DoubleEntry uses the [Money gem](https://github.com/RubyMoney/money) to encapsul
 DoubleEntry is tested against:
 
 Ruby
- * 2.7.x
- * 3.0.x
- * 3.1.x
+ * 4.0.x
+ * 3.4.x
+ * 3.3.x
  * 3.2.x
 
 Rails
- * 6.0.x
- * 6.1.x
- * 7.0.x
+ * 8.1.x
+ * 8.0.x
+ * 7.2.x
 
 Databases
  * MySQL

data/double_entry.gemspec

@@ -10,14 +10,15 @@ Gem::Specification.new do |gem|
   gem.authors               = ['Envato']
   gem.email                 = ['rubygems@envato.com']
   gem.summary               = 'Tools to build your double entry financial ledger'
-  gem.homepage              = 'https://github.com/envato/double_entry'
+  gem.homepage              = "https://github.com/envato/#{gem.name}"
   gem.license               = 'MIT'
 
   gem.metadata = {
-    'bug_tracker_uri'   => 'https://github.com/envato/double_entry/issues',
-    'changelog_uri'     => "https://github.com/envato/double_entry/blob/v#{gem.version}/CHANGELOG.md",
-    'documentation_uri' => "https://www.rubydoc.info/gems/double_entry/#{gem.version}",
-    'source_code_uri'   => "https://github.com/envato/double_entry/tree/v#{gem.version}",
+    'allowed_push_host' => 'https://rubygems.org',
+    'bug_tracker_uri'   => "#{gem.homepage}/issues",
+    'changelog_uri'     => "#{gem.homepage}/blob/v#{gem.version}/CHANGELOG.md",
+    'documentation_uri' => "https://www.rubydoc.info/gems/#{gem.name}/#{gem.version}",
+    'source_code_uri'   => "#{gem.homepage}/tree/v#{gem.version}",
   }
 
   gem.files                 = `git ls-files -z`.split("\x0").select do |f|

data/lib/double_entry/locking.rb

@@ -57,8 +57,6 @@ module DoubleEntry
     end
 
     class Lock
-      @@locks = {}
-
       def initialize(accounts)
         # Make sure we always lock in the same order, to avoid deadlocks.
         @accounts = accounts.flatten.sort
@@ -97,15 +95,15 @@ module DoubleEntry
     private
 
       def locks
-        @@locks[Thread.current.object_id]
+        Thread.current[:double_entry_locks]
       end
 
       def locks=(locks)
-        @@locks[Thread.current.object_id] = locks
+        Thread.current[:double_entry_locks] = locks
       end
 
       def remove_locks
-        @@locks.delete(Thread.current.object_id)
+        Thread.current[:double_entry_locks] = nil
       end
 
       # Return true if there's a lock on the given account.

data/lib/double_entry/version.rb

@@ -1,5 +1,5 @@
 # encoding: utf-8
 
 module DoubleEntry
-  VERSION = '2.0.1'
+  VERSION = '2.0.2'
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: double_entry
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.0.2
 platform: ruby
 authors:
 - Envato
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-01 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -220,7 +219,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
 email:
 - rubygems@envato.com
 executables: []
@@ -255,11 +253,11 @@ homepage: https://github.com/envato/double_entry
 licenses:
 - MIT
 metadata:
+  allowed_push_host: https://rubygems.org
   bug_tracker_uri: https://github.com/envato/double_entry/issues
-  changelog_uri: https://github.com/envato/double_entry/blob/v2.0.1/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/double_entry/2.0.1
-  source_code_uri: https://github.com/envato/double_entry/tree/v2.0.1
-post_install_message:
+  changelog_uri: https://github.com/envato/double_entry/blob/v2.0.2/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/double_entry/2.0.2
+  source_code_uri: https://github.com/envato/double_entry/tree/v2.0.2
 rdoc_options: []
 require_paths:
 - lib
@@ -274,8 +272,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.21
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Tools to build your double entry financial ledger
 test_files: []