CVE 2022 3704 fix #46466
Closed
…xists Fix `remove_foreign_key` with `:if_exists` option when foreign key actually exists
fix activestorage update
If for some reason the files that defined those constants were loaded before the `after_initialize` block, the values of the configuration would not be applied. With this new implementation we always use the configuration value, so the order things are defined doesn't matter.
Remove unmaintained francesc/rails-translate-routes gem
Fix ChatRelayJob definition in Testing Guide [ci-skip] (cherry picked from commit c3d4ab0)
…g-existing-classes-using-active-support-concern Fix typo in engines guide for reopening existing classes using concern [ci-skip] (cherry picked from commit e44d080)
…in-active-support-key-generator Fixed rdoc typo highlighting for ActiveSupport::KeyGenerator class [ci-skip] (cherry picked from commit a15543a)
Improve autoloading_and_reloading_constants.md [ci-skip] (cherry picked from commit 0a2ba78)
…ezone-rdoc-activesupport More rdoc improvements to activesupport [ci-skip] (cherry picked from commit 5de5583)
…ct-prompt Fix a bug with time_select and prompts
Allow relative redirects when `raise_on_open_redirects` is enabled
…-for-namespaced-controllers Use `controller_class_path` in `Rails::Generators::NamedBase#route_url`
…multiple-databases
Fixed MariaDB default function
…ompat Fix migrations compatibility for polymorphic references default index name
Fix typo: NodeJS -> Node.js [ci-skip]
changed example cookie rotator to be in after_initialize block
…m-versions Fix `#version` method docs and some typos [ci-skip]
…adcast Fix TaggedLogging functionality when broadcasting to another logger:
…ings-when-provided Only configure smtp_settings if provided on configuration
Get rid of `MySQL::SchemaStatements#create_table_sql`
[DOC] Introduce concerns example in Getting Started [ci-skip] (cherry picked from commit da91d1c)
Rails 6.0 and Rails 6.1 didn't support the undocumented `before_remove_const` in `zeitwerk` mode. I noticed this cleanup in AR was not being executed, and restored the original code for Rails 7. However, invoking `respond_to?` in an `on_unload` callback may have unexpected side-effects, as seen in rails#44125. So, this patch reimplements the cleanup in a more modern way. Fixes rails#44125.
…sic to Zeitwerk HOWTO
(cherry picked from commit 992ead1)
(cherry picked from commit dce8b7f)
(cherry picked from commit b55f079)
(cherry picked from commit fc7225a)
(cherry picked from commit a95438c)
(cherry picked from commit 7e884e2)
(cherry picked from commit 7563be4)
(cherry picked from commit 2e9efbb)
This makes "Connection Pool Options" a subsection of "Configuration", instead of a subsection of "ActiveSupport::Cache::Store". This also makes "Custom Cache Stores" its own section after all of the built-in stores, instead of a subsection of "ActiveSupport::Cache::Store". (cherry picked from commit 0c97d1d)
Fix actiontext js not pointing to compiled file
Replace MutexHook by MonitorHook to allow reentrancy
Redis 3.0 compatibility is preserved in Action Cable Redis 4.0 compatibility is preserved in Active Support
Backport Redis 5.0 compatibility (7-0-stable)
Fixes rails#45868 by Using #to_hash to serialize `AS::HWIA` for stored attributes
Stop gap solution for long output on test cases
Install specific version of codespell
Lock que version to v1 until rails#45899 is resolved
…-guide-internal-link-errors Make internal links to `errors` in the Active Record Validations guide
Add missing documentation for Rails.error
…ureing Fix typo in "Configuring Rails Applications" guide [ci-skip]
…y_downloads_files_larger_5mb Fixes ActiveStorage proxy downloads of files over 5mb in S3-like storages
Fix eql? of AC::Parameters to match hash
…gger-broadcast" This reverts commit 31925f5. This was causing tags to leak to the broadcast logger when `tagged` without a block is used. Fix rails#45854.
Fix ServerTiming in Threads, use single subscriber
Motivation / Background
This Pull Request has been created because #46244
Detail
This PR contains a fix similar to the one proposed by @codergeek121 for CVE-2022-3704.
Additional information
Checklist
Before submitting the PR make sure the following are checked:
[Fix #issue-number]