6.0.3.1

@rafaelfranca rafaelfranca released this 16 Jun 03:12
v6.0.3.1
34991a6

Active Support

  • [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore

  • [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs

Action Pack

  • [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token

  • [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
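
The CVE-2020-8166 entry above, as an added Ruby sketch that is not Rails source code: it models why masking alone does not hide the raw token and what HMACing it first changes. The helper names, the `path#method` per-form identifier and the `GLOBAL_ID` label are assumptions made for this simplified model.

```ruby
require "openssl"
require "securerandom"

# Simplified model of the scheme named in the changelog entry (assumption, not Rails code).
GLOBAL_ID = "!real_csrf_token" # domain-separation label, assumed for this sketch

def hmac(raw, identifier)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), raw, identifier)
end

# Per-form token: HMAC keyed with the session's raw token over "path#method".
def per_form_token(raw, path, method)
  hmac(raw, "#{path}##{method.downcase}")
end

def xor(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Masking XORs the token with a fresh one-time pad and prepends the pad.
# The pad travels with the token, so masking is reversible by any holder.
def mask(token)
  pad = SecureRandom.random_bytes(token.bytesize)
  pad + xor(pad, token)
end

def unmask(masked)
  half = masked.bytesize / 2
  xor(masked.byteslice(0, half), masked.byteslice(half, half))
end

# Before the fix: the global token is the masked raw token.
def global_token_before(raw)
  mask(raw)
end

# After the fix: the raw token is HMACed first, then masked.
def global_token_after(raw)
  mask(hmac(raw, GLOBAL_ID))
end

# Does holding this global token reveal the per-form token for path/method?
def leaks_per_form_token?(global, raw, path, method)
  per_form_token(unmask(global), path, method) == per_form_token(raw, path, method)
end
```

With the HMAC step in place, unmasking a global token yields only a one-way digest of the raw token, which cannot serve as the key for a per-form token.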

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.