RubyGems - fat_free_crm - Versions diffs - 0.16.3 → 0.16.4 - Mend

fat_free_crm 0.16.3 → 0.16.4

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 12ac74622a278199d8c503a22920fb0b03300bdb
-  data.tar.gz: d27004574a068d05ae85751eddcc1c3ab3cc8287
+SHA256:
+  metadata.gz: ae1017dbbd08e35ac7336f1809ac762ec68f767f2c5f0f0e5271b9f1549f7ffc
+  data.tar.gz: 893edf5f3b660171f2a22e14d93e8aa8577e1dd4d77ef2f544671e9f1ca88cb9
 SHA512:
-  metadata.gz: b9506e765aa71eb03c1cfc23f2b4a08656703bb9fbd5415ce7dc7717523427476cdc5f162543d6ff042abf70ae1893f0711611cf455ab3fc172562c92c16381f
-  data.tar.gz: d9ae88d69ecf12e9778441457e1b45d6a49c1ce3d2a1c4dfa51a07c990e866d4f3dcdd9d8ad5695a6a2f44382022b06081dfada2c7c3e2109823331a499ac062
+  metadata.gz: c69c3124f7af4441849677afb7ccfb4de9287f676efe77a257bc54b7305991563cbf0a9049d86700041ce66bc1fed62d4bfed51da4c2f4b9283d23e7e976b22a
+  data.tar.gz: d9d4dc31339029ae87c7b4226abdbea32c7ac7d5785dd512c46676f4edd1a6453ec2d93a2bc22ee9c2dd2c582af49bf3bec5951b887759e75d856f3ac68a31f6

data/CHANGELOG.md CHANGED

@@ -4,6 +4,12 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
+Sat Oct 27, 2018 (0.16.4)
+---------------------------------------------------------------------
+#### Fixed XSS flaw in tags_helper
+Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.
 Wed Jan 24, 2018 (0.16.3)
 ---------------------------------------------------------------------
 CVE-2017-0889

@@ -15,7 +15,7 @@ module TagsHelper
       elsif !query.include?(hashtag)
         query += " #{hashtag}"
       end
-      out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
+      out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
     end
   end

@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 16
-    TINY  = 3
+    TINY  = 4
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fat_free_crm
 version: !ruby/object:Gem::Version
-  version: 0.16.3
+  version: 0.16.4
 platform: ruby
 authors:
 - Michael Dvorkin
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-24 00:00:00.000000000 Z
+date: 2018-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -1585,7 +1585,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Fat Free CRM