v0.4.25 #710
nevans announced in Announcements
Replies: 1 comment
I'd somehow misremembered ruby's support for 3.3 as being critical security vulnerabilities only. So I never backported these fixes to
Important
The 0.4.x release branch will only receive security fixes, and will be unsupported when ruby 3.3 is EOL. Please upgrade to a newer version.
What's Changed
Special thanks to @hsbt for backporting most of these PRs, in #707!
🔒 Security
This release fixes several more security vulnerabilities which are related to the fixes in v0.4.24. Please see the linked security advisories for more information.
This vulnerability depends on how the server interprets non-synchronizing literals.
The connection is not vulnerable if the server supports non-synchronizing literals.
ID values contain only valid bytes (backports 🥅 Validate ID values contain only valid bytes #698)
#enable arguments are all atoms (backports 🥅 Validate #enable arguments are all atoms #699)
NOTE: #enable should never be called with untrusted input.
This results in the affected command hanging until the connection is closed. If another thread attempts to send a concurrent pipelined command, the first thread will return with a syntax error and the second thread will hang until the connection closes.
{0} in RawData validation (backports 🐛 Prevent trailing {0} in RawData validation #700)
Fixed
#disconnect (backports 🧵 Fix deadlock in #disconnect #686)
Documentation
Other Changes
#disconnect before waiting for lock & thread join #493)
RawData.new, Add RawData.split (backports ♻️ Improve RawData.new, Add RawData.split #679)
Miscellaneous
FakeServer#Connection#close mutex (backports half of ✅ Fix flaky tests with FakeServer#Connection#close mutex #520
New Contributors
Full Changelog: v0.4.24...v0.4.25
This discussion was created from the release v0.4.25.