6.0.3.1
Active Support
-
[CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
-
[CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Active Model
- No changes.
Active Record
- No changes.
Action View
- [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Action Pack
-
[CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
-
[CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.