Hello community, here is the log from the commit of package rubygem-actionpack-6.0 for openSUSE:Factory checked in at 2020-06-25 15:10:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-6.0.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionpack-6.0" Thu Jun 25 15:10:28 2020 rev:8 rq:817005 version:6.0.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-actionpack-6.0/rubygem-actionpack-6.0.changes 2020-05-28 09:18:53.825162413 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-6.0.new.3060/rubygem-actionpack-6.0.changes 2020-06-25 15:11:05.278054335 +0200 @@ -1,0 +2,7 @@ +Thu Jun 25 09:37:10 UTC 2020 - Manuel Schnitzer <mschnit...@suse.com> + +- updated to version 6.0.3.2 + + * CVE-2020-8185: Only allow ActionableErrors if show_detailed_exceptions is enabled + +------------------------------------------------------------------- Old: ---- actionpack-6.0.3.1.gem New: ---- actionpack-6.0.3.2.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-actionpack-6.0.spec ++++++ --- /var/tmp/diff_new_pack.QbnrNw/_old 2020-06-25 15:11:06.162057108 +0200 +++ /var/tmp/diff_new_pack.QbnrNw/_new 2020-06-25 15:11:06.166057121 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-6.0 -Version: 6.0.3.1 +Version: 6.0.3.2 Release: 0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} ++++++ actionpack-6.0.3.1.gem -> actionpack-6.0.3.2.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2020-05-18 17:45:55.000000000 +0200 +++ new/CHANGELOG.md 2020-06-17 16:52:56.000000000 +0200 @@ -1,3 +1,7 @@ +## Rails 6.0.3.2 (June 17, 2020) ## + +* [CVE-2020-8185] Only allow ActionableErrors if show_detailed_exceptions is enabled + ## Rails 6.0.3.1 (May 18, 2020) ## * [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/middleware/actionable_exceptions.rb new/lib/action_dispatch/middleware/actionable_exceptions.rb --- old/lib/action_dispatch/middleware/actionable_exceptions.rb 2020-05-18 17:45:55.000000000 +0200 +++ new/lib/action_dispatch/middleware/actionable_exceptions.rb 2020-06-17 16:52:56.000000000 +0200 @@ -23,7 +23,7 @@ private def actionable_request?(request) - request.show_exceptions? && request.post? && request.path == endpoint + request.get_header("action_dispatch.show_detailed_exceptions") && request.post? && request.path == endpoint end def redirect_to(location) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_pack/gem_version.rb new/lib/action_pack/gem_version.rb --- old/lib/action_pack/gem_version.rb 2020-05-18 17:45:55.000000000 +0200 +++ new/lib/action_pack/gem_version.rb 2020-06-17 16:52:56.000000000 +0200 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 3 - PRE = "1" + PRE = "2" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2020-05-18 17:45:55.000000000 +0200 +++ new/metadata 2020-06-17 16:52:56.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionpack version: !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 platform: ruby authors: - David Heinemeier Hansson -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2020-05-18 00:00:00.000000000 Z +date: 2020-06-17 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 - !ruby/object:Gem::Dependency name: rack requirement: !ruby/object:Gem::Requirement @@ -98,28 +98,28 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server. email: da...@loudthinking.com @@ -310,11 +310,11 @@ - MIT metadata: bug_tracker_uri: https://github.com/rails/rails/issues - changelog_uri: https://github.com/rails/rails/blob/v6.0.3.1/actionpack/CHANGELOG.md - documentation_uri: https://api.rubyonrails.org/v6.0.3.1/ + changelog_uri: https://github.com/rails/rails/blob/v6.0.3.2/actionpack/CHANGELOG.md + documentation_uri: https://api.rubyonrails.org/v6.0.3.2/ mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk - source_code_uri: https://github.com/rails/rails/tree/v6.0.3.1/actionpack -post_install_message: + source_code_uri: https://github.com/rails/rails/tree/v6.0.3.2/actionpack +post_install_message: rdoc_options: [] require_paths: - lib @@ -331,7 +331,7 @@ requirements: - none rubygems_version: 3.1.2 -signing_key: +signing_key: specification_version: 4 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails). test_files: []