RubyGems - fat_free_crm - Versions diffs - 0.15.1 → 0.15.2 - Mend

fat_free_crm 0.15.1 → 0.15.2

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bf219e4d463445bc5c66181204e87e00c5530c3b
-  data.tar.gz: 8c96eab60c2464156267f279a36401f029d96796
+SHA256:
+  metadata.gz: f278992b3ffb8e57627d828cda9b23973d4eed2a2b4990cf3d2f768ef7c958fd
+  data.tar.gz: 2fc300e02b9b29f484a8fbeeb75757af152760ab1682ed7aaccc1d71431dc64b
 SHA512:
-  metadata.gz: 022eb58092f6e1e2c3a5e4598a2b09e7b839d57412454a9aa0f63895dee1cc1a3795ce5bf74070dc68770780cb53e95e36c9f767316d96e4671555d0f9e5b452
-  data.tar.gz: 1866419de5183c70477a24cd898e43cb5fb6ad1a5aab0d8951ebb14dbc183d39a956c5f1c771d1d0de210dde54a0f380b1bde90f391f80e2f78e031a5c74750f
+  metadata.gz: 4ef150573319753b25910f2f1e774498f388e79875b2f4ba8d0a926fe3e9731542c38b6241a504b393c95c66f61ecbc0194f334e2125c14d025fd0a187e8e9b6
+  data.tar.gz: eeb34486ca9e9bcbb7b3faae4807b49b1511da8e1d222c971b1fce86fc059436ac022bfb8d29a2a01ee1a245b9f12c1a9f00b144dbb34f3a90289813bf9558da

data/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,17 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
+Sat Oct 27, 2018 (0.15.2)
+---------------------------------------------------------------------
+#### Fixed XSS flaw in tags_helper
+Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.
+Wed Jan 24, 2018 (0.15.1)
+---------------------------------------------------------------------
+ - Fix for CVE-2017-0889 (Paperclip)
 Thu Dec 14, 2017 (0.15.0)
 ---------------------------------------------------------------------
 This release upgrades to rails 5.0.0

data/app/helpers/tags_helper.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module TagsHelper
       elsif !query.include?(hashtag)
         query += " #{hashtag}"
       end
-      out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
+      out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
     end
   end

data/lib/fat_free_crm/version.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 15
-    TINY  = 1
+    TINY  = 2
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fat_free_crm
 version: !ruby/object:Gem::Version
-  version: 0.15.1
+  version: 0.15.2
 platform: ruby
 authors:
 - Michael Dvorkin
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-24 00:00:00.000000000 Z
+date: 2018-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -1584,7 +1584,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Fat Free CRM