Hello community,
here is the log from the commit of package rubygem-actionpack-6.0 for
openSUSE:Factory checked in at 2020-06-25 15:10:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-6.0 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-6.0.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionpack-6.0"
Thu Jun 25 15:10:28 2020 rev:8 rq:817005 version:6.0.3.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-6.0/rubygem-actionpack-6.0.changes
2020-05-28 09:18:53.825162413 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-6.0.new.3060/rubygem-actionpack-6.0.changes
2020-06-25 15:11:05.278054335 +0200
@@ -1,0 +2,7 @@
+Thu Jun 25 09:37:10 UTC 2020 - Manuel Schnitzer <mschnit...@suse.com>
+
+- updated to version 6.0.3.2
+
+ * CVE-2020-8185: Only allow ActionableErrors if show_detailed_exceptions is
enabled
+
+-------------------------------------------------------------------
Old:
----
actionpack-6.0.3.1.gem
New:
----
actionpack-6.0.3.2.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-actionpack-6.0.spec ++++++
--- /var/tmp/diff_new_pack.QbnrNw/_old 2020-06-25 15:11:06.162057108 +0200
+++ /var/tmp/diff_new_pack.QbnrNw/_new 2020-06-25 15:11:06.166057121 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-6.0
-Version: 6.0.3.1
+Version: 6.0.3.2
Release: 0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
++++++ actionpack-6.0.3.1.gem -> actionpack-6.0.3.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2020-05-18 17:45:55.000000000 +0200
+++ new/CHANGELOG.md 2020-06-17 16:52:56.000000000 +0200
@@ -1,3 +1,7 @@
+## Rails 6.0.3.2 (June 17, 2020) ##
+
+* [CVE-2020-8185] Only allow ActionableErrors if show_detailed_exceptions is
enabled
+
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be
used to reconstruct a per-form token
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/actionable_exceptions.rb
new/lib/action_dispatch/middleware/actionable_exceptions.rb
--- old/lib/action_dispatch/middleware/actionable_exceptions.rb 2020-05-18
17:45:55.000000000 +0200
+++ new/lib/action_dispatch/middleware/actionable_exceptions.rb 2020-06-17
16:52:56.000000000 +0200
@@ -23,7 +23,7 @@
private
def actionable_request?(request)
- request.show_exceptions? && request.post? && request.path == endpoint
+ request.get_header("action_dispatch.show_detailed_exceptions") &&
request.post? && request.path == endpoint
end
def redirect_to(location)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_pack/gem_version.rb
new/lib/action_pack/gem_version.rb
--- old/lib/action_pack/gem_version.rb 2020-05-18 17:45:55.000000000 +0200
+++ new/lib/action_pack/gem_version.rb 2020-06-17 16:52:56.000000000 +0200
@@ -10,7 +10,7 @@
MAJOR = 6
MINOR = 0
TINY = 3
- PRE = "1"
+ PRE = "2"
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2020-05-18 17:45:55.000000000 +0200
+++ new/metadata 2020-06-17 16:52:56.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionpack
version: !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
platform: ruby
authors:
- David Heinemeier Hansson
-autorequire:
+autorequire:
bindir: bin
cert_chain: []
-date: 2020-05-18 00:00:00.000000000 Z
+date: 2020-06-17 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 6.0.3.1
+ version: 6.0.3.2
description: Web apps on Rails. Simple, battle-tested conventions for building
and
testing MVC web applications. Works with any Rack-compatible server.
email: da...@loudthinking.com
@@ -310,11 +310,11 @@
- MIT
metadata:
bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri:
https://github.com/rails/rails/blob/v6.0.3.1/actionpack/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v6.0.3.1/
+ changelog_uri:
https://github.com/rails/rails/blob/v6.0.3.2/actionpack/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v6.0.3.2/
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v6.0.3.1/actionpack
-post_install_message:
+ source_code_uri: https://github.com/rails/rails/tree/v6.0.3.2/actionpack
+post_install_message:
rdoc_options: []
require_paths:
- lib
@@ -331,7 +331,7 @@
requirements:
- none
rubygems_version: 3.1.2
-signing_key:
+signing_key:
specification_version: 4
summary: Web-flow and rendering framework putting the VC in MVC (part of
Rails).
test_files: []
