pkgsrc.se | The NetBSD package collection

./www/ruby-rails70, Full-stack web application framework, Rails 7.0

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2022Q2, Version: 7.0.3.1, Package name: ruby27-rails70-7.0.3.1, Maintainer: pkgsrc-users

Ruby on Rails

Rails is a web-application framework that includes everything needed to
create database-backed web applications according to the
Model-View-Controller (MVC) pattern.

This is meta gem package for Ruby on Rails 7.0.

Master sites:

https://rubygems.org/gems/ (Download)

Filesize: 6.5 KB

Version history: (Expand)

(2022-07-24) Updated to version: ruby27-rails70-7.0.3.1
(2022-06-30) Package added to pkgsrc.se, version ruby27-rails70-7.0.3 (created)

CVS history: (Expand)

2022-07-23 21:40:55 by S.P.Zeidler | Files touched by this commit (15) | Package updated

Log message:
Pullup ticket #6656 - requested by taca
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update

Revisions pulled up:
- databases/ruby-activerecord70/distinfo                        1.7
- devel/ruby-activejob70/distinfo                               1.7
- devel/ruby-activemodel70/distinfo                             1.7
- devel/ruby-activestorage70/distinfo                           1.7
- devel/ruby-activesupport70/distinfo                           1.7
- devel/ruby-railties70/Makefile                                1.5
- devel/ruby-railties70/distinfo                                1.7
- lang/ruby/rails.mk                                            1.132
- mail/ruby-actionmailbox70/distinfo                            1.7
- mail/ruby-actionmailer70/distinfo                             1.7
- textproc/ruby-actiontext70/distinfo                           1.7
- www/ruby-actioncable70/distinfo                               1.7
- www/ruby-actionpack70/distinfo                                1.7
- www/ruby-actionview70/distinfo                                1.7
- www/ruby-rails70/distinfo                                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jul 13 14:48:48 UTC 2022

   Modified Files:
   	pkgsrc/databases/ruby-activerecord70: distinfo
   	pkgsrc/devel/ruby-activejob70: distinfo
   	pkgsrc/devel/ruby-activemodel70: distinfo
   	pkgsrc/devel/ruby-activestorage70: distinfo
   	pkgsrc/devel/ruby-activesupport70: distinfo
   	pkgsrc/devel/ruby-railties70: Makefile distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox70: distinfo
   	pkgsrc/mail/ruby-actionmailer70: distinfo
   	pkgsrc/textproc/ruby-actiontext70: distinfo
   	pkgsrc/www/ruby-actioncable70: distinfo
   	pkgsrc/www/ruby-actionpack70: distinfo
   	pkgsrc/www/ruby-actionview70: distinfo
   	pkgsrc/www/ruby-rails70: distinfo

   Log message:
   www/ruby-rails70: update to 7.0.3.1

   Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.

   databases/ruby-activerecord70

   * Change ActiveRecord::Coders::YAMLColumn default to safe_load

     This adds two new configuration options The configuration options are as
     follows:

   	o config.active_storage.use_yaml_unsafe_load

     When set to true, this configuration option tells Rails to use the old
     "unsafe" YAML loading strategy, maintaining the existing behavior but
     leaving the possible escalation vulnerability in place.  Setting this
     option to true is *not* recommended, but can aid in upgrading.

   	o config.active_record.yaml_column_permitted_classes

     The "safe YAML" loading method does not allow all classes to be
     deserialized by default.  This option allows you to specify classes deemed
     "safe" in your application.  For example, if your application \ 
uses Symbol
     and Time in serialized data, you can add Symbol and Time to the allowed
     list as follows:

   	config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

     [CVE-2022-32224]

   To generate a diff of this commit:
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/ruby-activerecord70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activejob70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activemodel70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activestorage70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activesupport70/distinfo
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-railties70/distinfo
   cvs rdiff -u -r1.131 -r1.132 pkgsrc/lang/ruby/rails.mk
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailbox70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailer70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/textproc/ruby-actiontext70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actioncable70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionpack70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionview70/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails70/distinfo