You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 2, 2020. It is now read-only.
Upgrades rails to 3.2.22.1 to address the following CVE's:
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action
Controller.
- CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action
Pack
- CVE-2015-7577: Nested attributes rejection proc bypass in Active Record.
- CVE-2016-0752: Possible Information Leak Vulnerability in Action View
- CVE-2016-0753: Possible Input Validation Circumvention in Active Model
- CVE-2015-7581: Object leak vulnerability for wildcard controller routes in
Action Pack
Full changelog: rails/rails@v3.2.22...v3.2.22.1Fixes#88, #87, #86 and #85.
Heaven detected that rails is not >= 5.0.0.beta1.1, ~> 3.2.22.1, ~> 4.1.14.1, ~> 4.2.5.1
Your Gemfile.lock on the master branch currently is 3.2.22.
Can you folks fix this up? 💞
/cc https://github.com/github/security/issues/1363
The text was updated successfully, but these errors were encountered: