Bump rails from 5.2.3 to 5.2.4.3
Bumps rails from 5.2.3 to 5.2.4.3.
Release notes
Sourced from rails's releases.
5.2.4.3
Active Support
[CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
[CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Active Model
- No changes.
Active Record
- No changes.
Action View
- [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Action Pack
[CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
[CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
... (truncated)
Commits
-
7b5cc5aPreparing for 5.2.4.3 release -
559cce2updating changelog -
3c806b9bumping version -
9cb66f6update changelog -
fbc7becCheck that request is same-origin prior to including CSRF token in XHRs -
d124f19HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ... -
467e339activesupport: Deprecate Marshal.load on raw cache read in RedisCacheStore -
f7e077factivesupport: Avoid Marshal.load on raw cache value in MemCacheStore -
7a3ee4fReturn self when calling #each, #each_pair, and #each_value instead of the ra... -
e8df564Include Content-Length in signature for ActiveStorage direct upload - Additional commits viewable in compare view