diff --git a/Gemfile.lock b/Gemfile.lock
index 668a26b81db6..ac314729d537 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,63 +26,63 @@ GIT PATH remote: . specs: - actioncable (5.2.8) - actionpack (= 5.2.8) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.8) - actionview (= 5.2.8) - activesupport (= 5.2.8) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.8) - activesupport (= 5.2.8) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.8) - activesupport (= 5.2.8) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (5.2.8) - activesupport (= 5.2.8) - activerecord (5.2.8) - activemodel (= 5.2.8) - activesupport (= 5.2.8) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) arel (>= 9.0) - activestorage (5.2.8) - actionpack (= 5.2.8) - activerecord (= 5.2.8) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) marcel (~> 1.0.0) - activesupport (5.2.8) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - rails (5.2.8) - actioncable (= 5.2.8) - actionmailer (= 5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) - activemodel (= 5.2.8) - activerecord (= 5.2.8) - activestorage (= 5.2.8) - activesupport (= 5.2.8) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) 
+ activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) bundler (>= 1.3.0) - railties (= 5.2.8) + railties (= 5.2.8.1) sprockets-rails (>= 2.0.0) - railties (5.2.8) - actionpack (= 5.2.8) - activesupport (= 5.2.8) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0)
diff --git a/RAILS_VERSION b/RAILS_VERSION
index 614a37bb3dad..6442841df521 100644
--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-5.2.8
+5.2.8.1
diff --git a/actioncable/CHANGELOG.md b/actioncable/CHANGELOG.md
index cac6b825f1aa..21d0254102a4 100644
--- a/actioncable/CHANGELOG.md
+++ b/actioncable/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
index 28d4c76a7132..fdcd02aaabec 100644
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index c0265b1c55dc..65ac828ce25b 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 392041a785ff..96edb37e6b19 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/activejob/CHANGELOG.md b/activejob/CHANGELOG.md
index 9ee8d40ab6d9..0a59aa0b3524 100644
--- a/activejob/CHANGELOG.md
+++ b/activejob/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index 4f87e6c2d713..01e77b376fe0 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 45314287ec8a..8e00744a3482 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,31 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* Change ActiveRecord::Coders::YAMLColumn default to safe_load
+
+ This adds two new configuration options The configuration options are as
+ follows:
+
+ * `config.active_storage.use_yaml_unsafe_load`
+
+ When set to true, this configuration option tells Rails to use the old
+ "unsafe" YAML loading strategy, maintaining the existing behavior but leaving
+ the possible escalation vulnerability in place. Setting this option to true
+ is *not* recommended, but can aid in upgrading.
+
+ * `config.active_record.yaml_column_permitted_classes`
+
+ The "safe YAML" loading method does not allow all classes to be deserialized
+ by default. This option allows you to specify classes deemed "safe" in your
+ application. For example, if your application uses Symbol and Time in
+ serialized data, you can add Symbol and Time to the allowed list as follows:
+
+ ```
+ config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
+ ```
+
+ [CVE-2022-32224]
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/activestorage/CHANGELOG.md b/activestorage/CHANGELOG.md
index b3d2559f63bf..272ff5d51e16 100644
--- a/activestorage/CHANGELOG.md
+++ b/activestorage/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index fd2bc7890b27..0dd7d397276a 100644
--- a/activesupport/CHANGELOG.md
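Review bot: In the activerecord/CHANGELOG.md hunk the first option is printed as `config.active_storage.use_yaml_unsafe_load`, which looks like a typo for `config.active_record.use_yaml_unsafe_load`: the entry is about `ActiveRecord::Coders::YAMLColumn` and the sibling option sits under `config.active_record`. An operator copying the key as printed would likely be setting the wrong namespace during a security upgrade. The example `[Symbol, Date, Time]` also permits `Date`, while the sentence above it names only Symbol and Time; the two should agree, since this list defines which classes may be deserialized. The opening sentence needs a period: `This adds two new configuration options. The configuration options are as follows:`.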
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/guides/CHANGELOG.md b/guides/CHANGELOG.md
index 0ccb4965543b..e502dedf27f2 100644
--- a/guides/CHANGELOG.md
+++ b/guides/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index 2e0899369762..e844a6eb341f 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 5.2.8.1 (July 12, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.8 (May 09, 2022) ##
 
 * No changes.