Commit

update changelog
tenderlove committed May 15, 2020
1 parent fbc7bec commit 9cb66f6
Showing 4 changed files with 15 additions and 0 deletions.
5 changes: 5 additions & 0 deletions actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token

* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash


## Rails 5.2.4.1 (December 18, 2019) ##

* Fix possible information leak / session hijacking vulnerability.
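Review bot: the two new entries at the top of actionpack/CHANGELOG.md sit above the `## Rails 5.2.4.1 (December 18, 2019) ##` heading with no release heading of their own, so a reader cannot tell which release carries the CVE-2020-8166 and CVE-2020-8164 fixes; add the heading for the release they belong to. The CVE-2020-8164 entry also does not name the class whose `#each`, `#each_pair` and `#each_value` are affected, which makes the entry hard to search for; name the receiver in the entry.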
3 changes: 3 additions & 0 deletions actionview/CHANGELOG.md
@@ -1,3 +1,6 @@
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs


## Rails 5.2.4.1 (December 18, 2019) ##

* No changes.
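Review bot: the CVE-2020-8167 entry in actionview/CHANGELOG.md does not say what changes for callers. If the effect of the same-origin check is that cross-origin XHRs no longer carry the CSRF token, state that explicitly so applications that relied on the token being sent cross-origin know to expect a behaviour change on upgrade.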
3 changes: 3 additions & 0 deletions activestorage/CHANGELOG.md
@@ -1,3 +1,6 @@
* [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload


## Rails 5.2.4.1 (December 18, 2019) ##

* No changes.
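Review bot: the CVE-2020-8162 entry in activestorage/CHANGELOG.md says Content-Length is included in the signature but not what that means operationally. Say whether a direct upload whose body length differs from the signed Content-Length is now rejected, and whether client code must send the same header value that was signed, so integrators can check their upload paths before upgrading.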
4 changes: 4 additions & 0 deletions activesupport/CHANGELOG.md
@@ -1,3 +1,7 @@
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore

* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore

## Rails 5.2.4.1 (December 18, 2019) ##

* No changes.
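Review bot: the two CVE-2020-8165 entries in activesupport/CHANGELOG.md use different verbs, "Deprecate" for RedisCacheStore and "Avoid" for MemCacheStore, which reads as though the Redis store still calls Marshal.load on raw cache reads after this release. If that is the case, the entry should say what triggers the deprecation and what users must change to stop unmarshalling raw values; if it is not, use the same wording for both stores. This hunk also leaves one blank line before the `## Rails 5.2.4.1` heading where the other three changelogs leave two.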