Skip to content

Commit

Permalink
Upgrade to rails 5.2.4.3 for some security fixes.
Browse files Browse the repository at this point in the history 
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
[CVE-2020-8167] CSRF Vulnerability in rails-ujs

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
  • Loading branch information
@jrafanie
jrafanie committed May 19, 2020
1 parent 7018bbb commit e9ba3e0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ gem "optimist", "~>3.0", :require => false
gem "pg", :require => false
gem "pg-dsn_parser", "~>0.1.0", :require => false
gem "query_relation", "~>0.1.0", :require => false
gem "rails", "~>5.2.4"
gem "rails", "~>5.2.4", ">=5.2.4.3"
gem "rails-i18n", "~>5.x"
gem "rake", ">=12.3.3", :require => false
gem "rest-client", "~>2.0.0", :require => false
Expand Down

0 comments on commit e9ba3e0

Please sign in to comment.