sidekiq 7.2.3 → 7.2.4

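--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e20a9134fa2b226bd69fb52fef9e831efa3c598e95f17f1edcd7c5c765fdee0d
- data.tar.gz: d9b6a8e217c753b67d7f04ef9656ac81aaa767c92818c7b3ff0d6078901f7151
+ metadata.gz: 6c43e6b585c25dcfc8ef8364bb36cf74f9167b981ad03faa3a8d76e0d45ebe55
+ data.tar.gz: d8c65dc03008f7280b36af94db753d4c7f68267c2eb0d78cd018322887aabbb0
  SHA512:
- metadata.gz: e88f678b545310eada86b4df6eee4b3b2a479ae59743faaf73ddeb3455738f5be80a9c5b3a3a8c4abbe7ad775c1bd928be6dca518cce4cea8e7a3a5aa6c9a199
- data.tar.gz: 46ae598a14f1c46e5f0baabfd5a6a2f16516028340ff21a1a75e90f4e0dab8d366db9bef563f90ea15351794bd5d93f03baa74e62bfd18c42eca5594002f6b7d
+ metadata.gz: d2687692b873ab82bda2ad32e9be795150cd0a8d3d330bc19f5b509ba729bef33189e06ebac86b1906c2682187391d6cf0d532e47d03fcbea83058109c5816ef
+ data.tar.gz: 431a482baeb03fc4de50fbdfba8717fc332a9d6564fde98a77699a7bd174fa3194431385951cf689c64e04853039c95fcf287084f283e8d381b3b37d5bc665e0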
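--- a/data/Changes.md
+++ b/data/Changes.md
@@ -2,6 +2,12 @@
 
  [Sidekiq Changes](https://github.com/sidekiq/sidekiq/blob/main/Changes.md) | [Sidekiq Pro Changes](https://github.com/sidekiq/sidekiq/blob/main/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/sidekiq/sidekiq/blob/main/Ent-Changes.md)
 
+ 7.2.4
+ ----------
+
+ - Fix XSS in metrics filtering introduced in 7.2.0, CVE-2024-32887
+ Thanks to @UmerAdeemCheema for the security report.
+
  7.2.3
  ----------
 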
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sidekiq
4
- VERSION = "7.2.3"
4
+ VERSION = "7.2.4"
5
5
  MAJOR = 7
6
6
  end
@@ -12,7 +12,7 @@
12
12
  <form id="metrics-form" class="form-inline" action="<%= root_path %>filter/metrics" method="post">
13
13
  <%= csrf_tag %>
14
14
  <label for="substr"><%= t('Filter') %></label>
15
- <input id="class-filter" class="form-control" type="text" name="substr" placeholder="<%= t('Name') %>" value="<%= params[:substr] %>">
15
+ <input id="class-filter" class="form-control" type="text" name="substr" placeholder="<%= t('Name') %>" value="<%= h params[:substr] %>">
16
16
  <select id="period-selector" class="form-control" name="period">
17
17
  <% @periods.each_key do |code| %>
18
18
  <% if code == @period %>
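Review bot: The `h` added to the `value` attribute covers only this one interpolation of `params[:substr]`; the need for it shows that `<%= %>` in this template does not escape on its own, so every other request-derived value rendered here needs the same check, including whatever the `period` selection prints just past the end of the hunk. Nothing in this release diff shows a regression test for the fix. I would add one that requests the metrics page with a `substr` containing a double quote and angle brackets, and asserts the response body carries only the entity-encoded form. A one-line template comment such as `<%# request params are untrusted: always wrap them in h() %>` above the form would keep the rule visible to the next editor. The form and the `each_key` loop continue outside the hunk, so the remaining interpolations could not be checked from here.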
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sidekiq
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.3
4
+ version: 7.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Perham
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-25 00:00:00.000000000 Z
11
+ date: 2024-04-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: redis-client