become compatible with Rails 3.2.10 #2

Closed
tijn commented Jan 3, 2013

I forked db-charmer to merge in the changes that kovyrin made to db-charmer after this 💩 happened:

SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

libc and others added some commits Jul 16, 2012

@libc libc Bump dependency to 3.2.6
The specs pass, even though there's a dependency issue in
db-charmer-sandbox that introduces random failures with the rspec
random ordering.
b48ef0a
@libc libc Make db_charmer_connection_proxy/level thread safe.
db_charmer_connection_proxy and _level were saved in class variables.
Proxy contains the real connections, so they are shared across all
threads.

The bug was found because it caused intermittent failures with
cucumber+phantomjs specs. This setup runs a webapp in a thread and runs
the cucumber specs in a different thread, and it causes a race
condition.

A case could be made for making force_slave_reads thread safe too.
9df59ac
@libc libc Bump rails dependency to 3.2.9 in the gemspec a092487
@libc libc Merge remote-tracking branch 'upstream/master' 795e94f
@libc libc Add dependency for mysql version.
Rails 3.2.9 requires mysql to be ~> 2.8.2, master requires it to be ~>
2.9 and 3-2-stable branch requires it to be ~> 2.8.

Which means that the latest to date mysql version (2.9.0) does not work
with 3.2.9, but works with master and 3-2-stable. This commit adds the
requirement to the Gemfile.
f28c620
@tijn tijn Merge remote-tracking branch 'kovyrin/master'
I merged in kovyrin's changes after this Rails vulnerability was discovered:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

Kovyrin basically whitelisted Rails 3.2.10 in this commit: b17862f

Conflicts:
	test-project/Gemfile
0d5216d
Tijn Schuurmans Update gemspec to accept Rails 3.2.11
Rails got updated because of a parameter parsing vulnerability 
CVE-2013-0156

https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
2854adb

libc closed this Jan 14, 2013
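
The race described in the thread-safety commit (9df59ac) above, as an added Ruby example that is not db-charmer's code: `SharedSwitch` and `ThreadLocalSwitch` are hypothetical stand-ins, and `Thread.current` is an assumed remedy, since the page does not show the actual fix. Queues force the interleaving so the result is deterministic.

```ruby
# Hypothetical stand-in: connection choice kept in class-level state,
# so every thread in the process reads and writes the same slot.
class SharedSwitch
  class << self
    attr_accessor :proxy
  end

  def self.on_db(name)
    old = proxy
    self.proxy = name
    yield
  ensure
    self.proxy = old
  end
end

# Hypothetical stand-in: same API, state kept per thread (assumed remedy).
class ThreadLocalSwitch
  KEY = :example_connection_proxy

  def self.proxy
    Thread.current[KEY]
  end

  def self.on_db(name)
    old = Thread.current[KEY]
    Thread.current[KEY] = name
    yield
  ensure
    Thread.current[KEY] = old
  end
end

# Thread A selects :shard_a, thread B then selects :shard_b, and A reads
# its "current" connection while B is still inside its own block.
def proxy_seen_by_a(switch)
  a_in, b_in, a_done = Queue.new, Queue.new, Queue.new
  seen = nil
  a = Thread.new do
    switch.on_db(:shard_a) { a_in << 1; b_in.pop; seen = switch.proxy }
    a_done << 1
  end
  b = Thread.new do
    a_in.pop
    switch.on_db(:shard_b) { b_in << 1; a_done.pop }
  end
  [a, b].each(&:join)
  seen
end
```

With the shared slot, thread A's work would go to the connection thread B picked, and B's restore step leaves a stale `:shard_a` selected after both blocks have exited.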
