Bump rails from 5.2.3 to 5.2.4.5 (!1267) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/rails-5.2.4.5 into master Feb 11, 2021

Bumps rails from 5.2.3 to 5.2.4.5.

Release notes

5.2.4.5

Active Support

No changes.

Active Model

No changes.

Active Record

Fix possible DoS vector in PostgreSQL money type

Carefully crafted input can cause a DoS via the regular expressions used for validating the money format in the PostgreSQL adapter. This patch fixes the regexp.

Thanks to @dee-see from Hackerone for this patch!

[CVE-2021-22880]

Aaron Patterson

Action View

No changes.

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

... (truncated)

Commits

dc7364b Preparing for 5.2.4.5 release
bf0ef9d Fix possible DoS vector in PostgreSQL money type
404ad9e v5.2.4.4
aaa7ab1 Fix XSS vulnerability in translate helper
7b5cc5a Preparing for 5.2.4.3 release
559cce2 updating changelog
3c806b9 bumping version
9cb66f6 update changelog
fbc7bec Check that request is same-origin prior to including CSRF token in XHRs
d124f19 HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ...
Additional commits viewable in compare view

Bump rails from 5.2.3 to 5.2.4.5

5.2.4.5

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Merge request reports