Upgrading from 3.0.10

Matthew Hutchinson edited this page Apr 11, 2018 · 2 revisions

Due to a security hole that could allow bots to by-pass textcaptcha's, it was necessary to re-engineer the gem for the v4.0.0 release.

Thanks to Jeffrey Lim for spotting this and raising the issue.

Upgrading is straightforward;

  • Rename spam_question to textcaptcha_question

  • Rename spam_answer to textcaptcha_answer

  • Any strong parameter calls should include the textcaptcha_answer and textcaptcha_key fields;

    params.require(:comment).permit(:textcaptcha_answer, :textcaptcha_key, ... )