Update CHANGELOGs for 5.2.2.1 release #35708

Merged
merged 1 commit into from Mar 22, 2019
11 changes: 10 additions & 1 deletion actionview/CHANGELOG.md
Expand Up @@ -13,7 +13,16 @@

## Rails 5.2.2.1 (March 11, 2019) ##

* No changes.
* Only accept formats from registered mime types

A lack of filtering on mime types could allow an a attacker to read
arbitrary files on the target server or to perform a denial of service
attack.

Fixes CVE-2019-5418
Fixes CVE-2019-5419

*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*


## Rails 5.2.2 (December 04, 2018) ##
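Review bot: The first sentence under "Only accept formats from registered mime types" has a typo, "could allow an a attacker", which should read "could allow an attacker". The entry also names two impacts (arbitrary file read and denial of service) and lists CVE-2019-5418 and CVE-2019-5419 without saying which identifier covers which impact; mapping them in the text would help anyone triaging this release from the changelog alone.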
11 changes: 10 additions & 1 deletion railties/CHANGELOG.md
Expand Up @@ -9,7 +9,16 @@

## Rails 5.2.2.1 (March 11, 2019) ##

* No changes.
* Generate random development secrets

A random development secret is now generated to tmp/development_secret.txt

This avoids an issue where development mode servers were vulnerable to
remote code execution.

Fixes CVE-2019-5420

*Eileen M. Uchitelle*, *Aaron Patterson*, *John Hawthorn*


## Rails 5.2.2 (December 04, 2018) ##
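Review bot: The line "A random development secret is now generated to tmp/development_secret.txt" is missing its full stop, and the entry never says what the development secret was before this change, so the reader cannot see why the old value exposed development mode servers to remote code execution. Suggest adding one sentence on the previous behaviour, plus a note that tmp/development_secret.txt is per-machine state that should stay out of version control.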