RubyGems - fat_free_crm - Versions diffs - 0.14.1 → 0.14.2 - Mend

fat_free_crm 0.14.1 → 0.14.2

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a1c0c4ac354d4c2c34a0d84b51715fc28b0ac02c
-  data.tar.gz: 7bccf3592685da1a91f9485a1067742714e26610
+SHA256:
+  metadata.gz: 91bf600f70e89b2af57ebf332ef9e90550f5ee9fcfb4ce624eb4150bb64af7e8
+  data.tar.gz: ea34e819ea4f7c7104c9724167a11790734528f96f274f6d14a39cd39fb284f8
 SHA512:
-  metadata.gz: 8a200942ebeca8d1c4a2a45e05b462efdaf8f853d763275e238a60b89bd9c75986f72eb78d85f446d13f924cf75299af6386ebbb210b219ddcc98ab6a2108dd1
-  data.tar.gz: 2116a9355c23c583385275c3b86a68d8766dfa81d0d8b2f557c39ebbf6267dce2cfa085bf0f27342117b109b3c53c23d53f5e9242ce64681a9752c9c0bd928d3
+  metadata.gz: 285ecf6eae7e9c898c17e6603309cf50275ff0776bef190bb1facb67ce4e45b72deacfb9c479287b578ea669eeb107fbd48e866d35dd39f3beb948839ccb4840
+  data.tar.gz: 6d1fa7b4ec122f161d4c73c05b22765cb5b5e874f6089c0990729b7f9e4ccf1f38036e6f73a7ca89488b76a24bb580a468b8a5a6d91fb2aa00555394a58849e1

data/CHANGELOG CHANGED

@@ -4,6 +4,17 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
+Sat Oct 27, 2018 (0.14.2)
+---------------------------------------------------------------------
+#### Fixed XSS flaw in tags_helper
+Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.
+Wed Jan 24, 2018 (0.14.1)
+---------------------------------------------------------------------
+ - Fix for CVE-2017-0889 (Paperclip)
 Mon, Dec 5, 2016 (0.14.0)
 ---------------------------------------------------------------------
 Forked to publish 'reduced_fat_crm', a version of fat-free-crm with

@@ -15,7 +15,7 @@ module TagsHelper
       elsif !query.include?(hashtag)
         query += " #{hashtag}"
       end
-      out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
+      out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
     end
   end

@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 14
-    TINY  = 1
+    TINY  = 2
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fat_free_crm
 version: !ruby/object:Gem::Version
-  version: 0.14.1
+  version: 0.14.2
 platform: ruby
 authors:
 - Michael Dvorkin
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-24 00:00:00.000000000 Z
+date: 2018-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -1559,7 +1559,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Fat Free CRM