sprockets 4.0.0.beta7 → 4.0.0.beta8

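--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 603199dd1236b7db51572143c09ce33649d81ecd2151d73d01d539b05fb14caa
- data.tar.gz: 84e1bf98ebe75d603c8e4ab0c813de0626812226c8315cccdc408bd46ac7e630
+ metadata.gz: fbe399f50753fd31d29282b47fa94e3fe7a47a4e68e8ecd13e10b64e77bf1bf5
+ data.tar.gz: 9ed07b767bfac2586bec42f89ab577f536eea205c4d2398f2271786454f88329
  SHA512:
- metadata.gz: 6ca211b8b2f1eadd44b4b199e9ffb88f12efcc844b11d86abd3dd7eb78abdb8fc7a24405d95eb6f53b89686cee97417ca47257fbafbe76d35193c4ac2bf5ba35
- data.tar.gz: dd22ed98ff05afe2820a24ca7bfb305ba7c1361a4854ecc69b467653297dffc6c872d17d66095561b0b4ef64f9bcee72999a150afa6b721fd0b0b77ada344d70
+ metadata.gz: 05a368c8f64c7469441e524d9886cbd0edd75b0c877e91f3c8ce4802efa378500725b4fe803f74bc03fc5927ffe4ee09433766a3451dabcc6ec19d6101dcfdae
+ data.tar.gz: 96734d6f69801043e458d9a383f3011538264a934908936eb20ea357203e10a9c2bf48863ebc8d28d069628e314debaa15361a1d807468605a24e68393e3ce64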
@@ -4,6 +4,10 @@ Get upgrade notes from Sprockets 3.x to 4.x at https://github.com/rails/sprocket
4
4
 
5
5
  ## Master
6
6
 
7
+ ## 4.0.0.beta8
8
+
9
+ - Security release for [CVE-2018-3760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760)
10
+
7
11
  ## 4.0.0.beta7
8
12
 
9
13
  - Fix a year long bug that caused `Sprockets::FileNotFound` errors when the asset was present [#547]
@@ -114,7 +114,7 @@ module Sprockets
114
114
  #
115
115
  # http://example.org/assets/../../../etc/passwd
116
116
  #
117
- path.include?("..") || absolute_path?(path)
117
+ path.include?("..") || absolute_path?(path) || path.include?("://")
118
118
  end
119
119
 
120
120
  def head_request?(env)
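Review bot: The new `path.include?("://")` clause at new line 117 is a substring denylist on `path` as it stands at that point, so it only holds if `path` is fully decoded before this check and is not decoded again before the asset is looked up. The hunk shows neither step, and the method's `def` line and the decoding code are outside it, so this should be confirmed against the caller. The comment block above the expression still illustrates only the `..` case; I would add `# Also reject any path containing a URI scheme separator ("://"); see CVE-2018-3760.` so the reason for the third clause is recorded next to it. A regression test that requests an asset path containing `://`, in plain and percent-encoded form, and asserts the forbidden response would pin the behaviour this security release depends on.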
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module Sprockets
3
- VERSION = "4.0.0.beta7"
3
+ VERSION = "4.0.0.beta8"
4
4
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.beta7
4
+ version: 4.0.0.beta8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Stephenson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-03-13 00:00:00.000000000 Z
12
+ date: 2018-06-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack