Bump rails from 5.2.3 to 5.2.4.5
Bumps rails from 5.2.3 to 5.2.4.5.
Release notes
Sourced from rails's releases.
5.2.4.5
Active Support
- No changes.
Active Model
- No changes.
Active Record
Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used for validating the money format in the PostgreSQL adapter. This patch fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
Aaron Patterson
Action View
- No changes.
Action Pack
- No changes.
Active Job
- No changes.
Action Mailer
... (truncated)
- No changes.
Commits
- dc7364b Preparing for 5.2.4.5 release
- bf0ef9d Fix possible DoS vector in PostgreSQL money type
- 404ad9e v5.2.4.4
- aaa7ab1 Fix XSS vulnerability in translate helper
- 7b5cc5a Preparing for 5.2.4.3 release
- 559cce2 updating changelog
- 3c806b9 bumping version
- 9cb66f6 update changelog
- fbc7bec Check that request is same-origin prior to including CSRF token in XHRs
- d124f19 HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ...
- Additional commits viewable in compare view