From 24ab200e26f7faee1f04a1d37b650e0becb79a41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 27 Nov 2018 14:37:21 -0500 Subject: [PATCH] Preparing for 5.1.6.1 release --- Gemfile.lock | 78 +++++++++---------- RAILS_VERSION | 2 +- actioncable/CHANGELOG.md | 5 ++ actioncable/lib/action_cable/gem_version.rb | 2 +- actioncable/package.json | 2 +- actionmailer/CHANGELOG.md | 5 ++ actionmailer/lib/action_mailer/gem_version.rb | 2 +- actionpack/CHANGELOG.md | 5 ++ actionpack/lib/action_pack/gem_version.rb | 2 +- actionview/CHANGELOG.md | 5 ++ actionview/lib/action_view/gem_version.rb | 2 +- actionview/package.json | 2 +- activejob/CHANGELOG.md | 12 +++ activejob/lib/active_job/gem_version.rb | 2 +- activemodel/CHANGELOG.md | 5 ++ activemodel/lib/active_model/gem_version.rb | 2 +- activerecord/CHANGELOG.md | 5 ++ activerecord/lib/active_record/gem_version.rb | 2 +- activesupport/CHANGELOG.md | 5 ++ .../lib/active_support/gem_version.rb | 2 +- guides/CHANGELOG.md | 5 ++ railties/CHANGELOG.md | 5 ++ railties/lib/rails/gem_version.rb | 2 +- version.rb | 2 +- 24 files changed, 109 insertions(+), 52 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 61edd6caa53b9..2b176c480df9a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -26,58 +26,58 @@ GIT PATH remote: . specs: - actioncable (5.1.6) - actionpack (= 5.1.6) + actioncable (5.1.6.1) + actionpack (= 5.1.6.1) nio4r (~> 2.0) websocket-driver (~> 0.6.1) - actionmailer (5.1.6) - actionpack (= 5.1.6) - actionview (= 5.1.6) - activejob (= 5.1.6) + actionmailer (5.1.6.1) + actionpack (= 5.1.6.1) + actionview (= 5.1.6.1) + activejob (= 5.1.6.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.6) - actionview (= 5.1.6) - activesupport (= 5.1.6) + actionpack (5.1.6.1) + actionview (= 5.1.6.1) + activesupport (= 5.1.6.1) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.6) - activesupport (= 5.1.6) + actionview (5.1.6.1) + activesupport (= 5.1.6.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.6) - activesupport (= 5.1.6) + activejob (5.1.6.1) + activesupport (= 5.1.6.1) globalid (>= 0.3.6) - activemodel (5.1.6) - activesupport (= 5.1.6) - activerecord (5.1.6) - activemodel (= 5.1.6) - activesupport (= 5.1.6) + activemodel (5.1.6.1) + activesupport (= 5.1.6.1) + activerecord (5.1.6.1) + activemodel (= 5.1.6.1) + activesupport (= 5.1.6.1) arel (~> 8.0) - activesupport (5.1.6) + activesupport (5.1.6.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - rails (5.1.6) - actioncable (= 5.1.6) - actionmailer (= 5.1.6) - actionpack (= 5.1.6) - actionview (= 5.1.6) - activejob (= 5.1.6) - activemodel (= 5.1.6) - activerecord (= 5.1.6) - activesupport (= 5.1.6) + rails (5.1.6.1) + actioncable (= 5.1.6.1) + actionmailer (= 5.1.6.1) + actionpack (= 5.1.6.1) + actionview (= 5.1.6.1) + activejob (= 5.1.6.1) + activemodel (= 5.1.6.1) + activerecord (= 5.1.6.1) + activesupport (= 5.1.6.1) bundler (>= 1.3.0) - railties (= 5.1.6) + railties (= 5.1.6.1) sprockets-rails (>= 2.0.0) - railties (5.1.6) - actionpack (= 5.1.6) - activesupport (= 5.1.6) + railties (5.1.6.1) + actionpack (= 5.1.6.1) + activesupport (= 5.1.6.1) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -139,7 +139,7 @@ GEM concurrent-ruby (1.0.5) connection_pool (2.2.1) cookiejar (0.3.3) - crass (1.0.3) + crass (1.0.4) curses (1.0.2) daemons (1.2.4) dalli (2.7.6) @@ -189,7 +189,7 @@ GEM activesupport (>= 4.2.0) hiredis (0.6.1) http_parser.rb (0.6.0) - i18n (1.0.0) + i18n (1.1.1) concurrent-ruby (~> 1.0) jquery-rails (4.3.1) rails-dom-testing (>= 1, < 3) @@ -204,13 +204,13 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) metaclass (0.0.4) - method_source (0.9.0) + method_source (0.9.2) mini_mime (0.1.3) mini_portile2 (2.3.0) minitest (5.3.3) @@ -224,7 +224,7 @@ GEM mysql2 (0.5.0) mysql2 (0.5.0-x64-mingw32) mysql2 (0.5.0-x86-mingw32) - nio4r (2.3.0) + nio4r (2.3.1) nokogiri (1.8.2) mini_portile2 (~> 2.3.0) nokogiri (1.8.2-x64-mingw32) @@ -440,4 +440,4 @@ DEPENDENCIES websocket-client-simple! BUNDLED WITH - 1.16.1 + 1.17.1 diff --git a/RAILS_VERSION b/RAILS_VERSION index 8710cfdff2f3f..033aed59726b5 100644 --- a/RAILS_VERSION +++ b/RAILS_VERSION @@ -1 +1 @@ -5.1.6 +5.1.6.1 diff --git a/actioncable/CHANGELOG.md b/actioncable/CHANGELOG.md index ab8c4d0e2ec1b..5d5be7fd10b7e 100644 --- a/actioncable/CHANGELOG.md +++ b/actioncable/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/actioncable/lib/action_cable/gem_version.rb b/actioncable/lib/action_cable/gem_version.rb index f795c534cb714..ad6da62195375 100644 --- a/actioncable/lib/action_cable/gem_version.rb +++ b/actioncable/lib/action_cable/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actioncable/package.json b/actioncable/package.json index 1e7023454e678..1c93c6394d9cf 100644 --- a/actioncable/package.json +++ b/actioncable/package.json @@ -1,6 +1,6 @@ { "name": "actioncable", - "version": "5.1.6", + "version": "5.1.6-1", "description": "WebSocket framework for Ruby on Rails.", "main": "lib/assets/compiled/action_cable.js", "files": [ diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md index b3ae93b23ff5f..f5e7da0533633 100644 --- a/actionmailer/CHANGELOG.md +++ b/actionmailer/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/actionmailer/lib/action_mailer/gem_version.rb b/actionmailer/lib/action_mailer/gem_version.rb index dc7f5bcb67adf..1c1b08b97c839 100644 --- a/actionmailer/lib/action_mailer/gem_version.rb +++ b/actionmailer/lib/action_mailer/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 82da9241d26c8..cb807ca671751 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * Check exclude before flagging cookies as secure. diff --git a/actionpack/lib/action_pack/gem_version.rb b/actionpack/lib/action_pack/gem_version.rb index 367902d41d5a2..a23e6eaf8576d 100644 --- a/actionpack/lib/action_pack/gem_version.rb +++ b/actionpack/lib/action_pack/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 2d99ee1c153b3..af8d780385c76 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/actionview/lib/action_view/gem_version.rb b/actionview/lib/action_view/gem_version.rb index 6e0b7f98cc996..31076607e8462 100644 --- a/actionview/lib/action_view/gem_version.rb +++ b/actionview/lib/action_view/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actionview/package.json b/actionview/package.json index 0b6216a4c0d53..52fd8f684e18a 100644 --- a/actionview/package.json +++ b/actionview/package.json @@ -1,6 +1,6 @@ { "name": "rails-ujs", - "version": "5.1.6", + "version": "5.1.6-1", "description": "Ruby on Rails unobtrusive scripting adapter", "main": "lib/assets/compiled/rails-ujs.js", "files": [ diff --git a/activejob/CHANGELOG.md b/activejob/CHANGELOG.md index 31cacf07accd8..836bc03ebfeb0 100644 --- a/activejob/CHANGELOG.md +++ b/activejob/CHANGELOG.md @@ -1,3 +1,15 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* Do not deserialize GlobalID objects that were not generated by Active Job. + + Trusting any GlobaID object when deserializing jobs can allow attackers to access + information that should not be accessible to them. + + Fix CVE-2018-16476. + + *Rafael Mendonça França* + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/activejob/lib/active_job/gem_version.rb b/activejob/lib/active_job/gem_version.rb index 5cfb0c7e35acf..81c5d28e57a26 100644 --- a/activejob/lib/active_job/gem_version.rb +++ b/activejob/lib/active_job/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index 1dab4df8d53d4..24bf3df8837cd 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/activemodel/lib/active_model/gem_version.rb b/activemodel/lib/active_model/gem_version.rb index f8b791463d916..c4f738cdd44c9 100644 --- a/activemodel/lib/active_model/gem_version.rb +++ b/activemodel/lib/active_model/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 3b6c6008f04d9..5481ad7634ff1 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * MySQL: Support mysql2 0.5.x. diff --git a/activerecord/lib/active_record/gem_version.rb b/activerecord/lib/active_record/gem_version.rb index b5ce3dd6da474..23961befe0112 100644 --- a/activerecord/lib/active_record/gem_version.rb +++ b/activerecord/lib/active_record/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 537d90a34c376..6a4d71d5d36ee 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * Return all mappings for a timezone identifier in `country_zones` diff --git a/activesupport/lib/active_support/gem_version.rb b/activesupport/lib/active_support/gem_version.rb index 7c7b085f6975f..14e2f8f570282 100644 --- a/activesupport/lib/active_support/gem_version.rb +++ b/activesupport/lib/active_support/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/guides/CHANGELOG.md b/guides/CHANGELOG.md index 70b638af47480..b0dc024fffa61 100644 --- a/guides/CHANGELOG.md +++ b/guides/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index adba475f74b6d..9cf6a5e3770d3 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,8 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.1.6 (March 29, 2018) ## * Fix check for minimum Ruby version to correctly identify Ruby 2.2.10. diff --git a/railties/lib/rails/gem_version.rb b/railties/lib/rails/gem_version.rb index 3bb456a0320d6..6a3c600ecc8df 100644 --- a/railties/lib/rails/gem_version.rb +++ b/railties/lib/rails/gem_version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/version.rb b/version.rb index 3bb456a0320d6..6a3c600ecc8df 100644 --- a/version.rb +++ b/version.rb @@ -8,7 +8,7 @@ module VERSION MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end