Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport CVE-2019-5421 fix to 3.x #5043

Merged
merged 1 commit into from
Mar 26, 2019
Merged

Backport CVE-2019-5421 fix to 3.x #5043

merged 1 commit into from
Mar 26, 2019

Conversation

ouranos
Copy link

@ouranos ouranos commented Mar 14, 2019

See #4996

@ouranos ouranos changed the title Backport #4996 to 3.x Backport CVE-2019-5421 fix to 3.x Mar 14, 2019
iseessel
iseessel approved these changes Mar 15, 2019
View reviewed changes
Copy link

@iseessel iseessel left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops...

tegon
tegon reviewed Mar 25, 2019
View reviewed changes
test/models/lockable_test.rb
initial_failed_attempts = user.failed_attempts
same_user = User.find(user.id)

user.valid_for_authentication?{ false }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just out of curiosity, what's the benefit of calling #valid_for_authentication? instead of #user.increment_failed_attempts?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Afaik increment_failed_attempts is not available in the 3-stable branch.
The incrementation is actually done in the valid_for_authentication? method

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, that's correct. That's my bad, sorry 😞

@tegon tegon merged commit fb48336 into heartcombo:3-stable Mar 26, 2019
@dy-cs
Copy link

dy-cs commented Mar 28, 2019

is there a timeline for when this fix will be released?

@tegon
Copy link
Member

tegon commented Mar 28, 2019
edited
Loading

@dy-cs There are no plans to release a version since 3.x is not officially maintained anymore. We do accept those backport pull requests so that people can grab the Gem directly from GitHub pointing to the 3-stable branch.

@dy-cs
Copy link

dy-cs commented Mar 29, 2019

@tegon gotcha. thanks for the reply!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tegon tegon tegon left review comments

@iseessel iseessel iseessel approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ouranos @dy-cs @tegon @iseessel