2021-09-25 02:47:26 by David A. Holland | Files touched by this commit (1) |
Log message:
typo in error message
|
2021-07-21 16:39:05 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/ruby: switch defult Ruby's version to 2.7
Switch default Ruby's version from 2.6 to 2.7.
|
2021-07-13 13:53:25 by Mark Davies | Files touched by this commit (1) |
Log message:
ruby: fix substution on rails ALTERNATIVES files
|
2021-07-07 18:11:57 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/ruby: make sure to update ruby30's version
|
2021-07-07 18:10:01 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
lang/ruby30-base: update to 3.0.2
Ruby 3.0.2 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
See the commit logs for details:
<https://github.com/ruby/ruby/compare/v3_0_1...v3_0_2>.
|
2021-07-07 17:23:08 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/ruby27-base: update to 2.7.4
Ruby 2.7.4 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
See the commit logs for details:
<https://github.com/ruby/ruby/compare/v2_7_3...v2_7_4>.
|
2021-07-07 17:15:19 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/ruby26-base: update to 2.6.8
Ruby 2.6.8 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
We ordinally do not fix Ruby 2.6 except security fixes, but this
release also includes some regressed bugs and build problem fixes.
See the commit logs for details.
Ruby 2.6 is now under the state of the security maintenance phase,
until the end of March of 2022. After that date, maintenance of Ruby
2.6 will be ended. We recommend you start planning the migration to
newer versions of Ruby, such as 3.0 or 2.7.
|
2021-07-04 09:55:12 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/ruby: start update of Ruby on Rails 61 to 6.1.4
|
2021-07-04 08:58:38 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails60: update to 6.0.4
Ruby on Rails 6.0.4 (2021-06-15), including security fixes.
Active Support
* Fixed issue in ActiveSupport::Cache::RedisCacheStore not passing
options to read_multi causing fetch_multi to not work properly.
(Rajesh Sharma)
* with_options copies its options hash again to avoid leaking mutations.
Fixes #39343. (Eugene Kenny)
Active Record
* Only warn about negative enums if a positive form that would cause
conflicts exists. Fixes #39065. (Alex Ghiculescu)
* Allow the inverse of a has_one association that was previously
autosaved to be loaded. Fixes #34255. (Steven Weber)
* Reset statement cache for association if table_name is changed.
Fixes #36453. (Ryuta Kamizono)
* Type cast extra select for eager loading. (Ryuta Kamizono)
* Prevent collection associations from being autosaved multiple times.
Fixes #39173. (Eugene Kenny)
* Resolve issue with insert_all unique_by option when used with
expression index.
When the :unique_by option of ActiveRecord::Persistence.insert_all
and ActiveRecord::Persistence.upsert_all was used with the name of
an expression index, an error was raised. Adding a guard around the
formatting behavior for the :unique_by corrects this.
Usage:
create_table :books, id: :integer, force: true do |t|
t.column :name, :string
t.index "lower(name)", unique: true
end
Book.insert_all [{ name: "MyTest" }], unique_by: \
:index_books_on_lower_name
Fixes #39516. (Austen Madden)
* Fix preloading for polymorphic association with custom scope.
(Ryuta Kamizono)
* Allow relations with different SQL comments in the or method.
(Takumi Shotoku)
* Resolve conflict between counter cache and optimistic locking.
Bump an Active Record instance's lock version after updating its
counter cache. This avoids raising an unnecessary
ActiveRecord::StaleObjectError upon subsequent transactions by
maintaining parity with the corresponding database record's
lock_version column. Fixes #16449. (Aaron Lipman)
* Fix through association with source/through scope which has joins.
(Ryuta Kamizono)
* Fix through association to respect source scope for includes/preload.
(Ryuta Kamizono)
* Fix eager load with Arel joins to maintain the original joins order.
(Ryuta Kamizono)
* Fix group by count with eager loading + order + limit/offset.
(Ryuta Kamizono)
* Fix left joins order when merging multiple left joins from different
associations. (Ryuta Kamizono)
* Fix index creation to preserve index comment in bulk change table on
MySQL. (Ryuta Kamizono)
* Change remove_foreign_key to not check :validate option if database
doesn't support the feature. (Ryuta Kamizono)
* Fix the result of aggregations to maintain duplicated "group by"
fields. (Ryuta Kamizono)
* Do not return duplicated records when using preload. (Bogdan Gusiev)
Action View
* SanitizeHelper.sanitized_allowed_attributes and
SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's
class method. Fixes #39586. (Taufiq Muhammadi)
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
* Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which
are inherently safe to transport. Validation accepts both urlsafe
tokens, and strict-encoded tokens for backwards compatibility.
In Rails 5.2.5, the CSRF token format is accidentally changed to
urlsafe-encoded. If you upgrade apps from 5.2.5, set the config
urlsafe_csrf_tokens = true.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
(Scott Blum, Étienne Barrié)
* Signed and encrypted cookies can now store false as their value when
action_dispatch.use_cookies_with_metadata is enabled. (Rolandas
Barysas)
Active Storage
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print
margins. This matches the behavior of the MuPDF previewer. (Vincent
Robert)
Railties
* Allow relative paths with trailing slashes to be passed to rails
test. (Eugene Kenny)
* Return a 405 Method Not Allowed response when a request uses an
unknown HTTP method. Fixes #38998. (Loren Norman)
|
2021-07-04 08:24:47 by Takahiro Kambe | Files touched by this commit (12) | |
Log message:
www/ruby-rails52: update to 5.2.6
Ruby on Rails 5.2.6 (2021-05-05)
There are changes in www/ruby-actionpack52 only, including security fix.
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In this version, we generate Base64 urlsafe-encoded CSRF tokens,
which are inherently safe to transport. Validation accepts both
urlsafe tokens, and strict-encoded tokens for backwards
compatibility.
How the tokes are encoded is controllr by the
action_controller.urlsafe_csrf_tokens config.
In Rails 5.2.5, the CSRF token format was accidentally changed to
urlsafe-encoded.
Atention: If you already upgraded your application to 5.2.5, set the
config urlsafe_csrf_tokens to true, otherwise your form submission
will start to fail during the deploy of this new version.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
If you are upgrading from 5.2.4.x, you don't need to change this
configuration.
Scott Blum, Étienne Barrié
|