2021-05-08 16:08:57 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.3.2
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
|
2021-05-08 16:02:34 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails60: update to 6.0.3.7
Real changes are in www/ruby-actionpack60 only.
## Rails 6.0.3.7 (May 05, 2021) ##
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
|
2021-04-12 16:39:28 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/ruby/rubyversion.mk: require quote
Require proper quote for previous addition to MAKEFLAGS.
|
2021-04-11 15:28:02 by Takahiro Kambe | Files touched by this commit (15) | |
Log message:
www/ruby-rails61: update to 6.1.3.1
Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
|
2021-04-11 15:24:58 by Takahiro Kambe | Files touched by this commit (15) | |
Log message:
www/ruby-rails60: update to 6.0.3.6
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
|
2021-04-11 15:20:09 by Takahiro Kambe | Files touched by this commit (13) | |
Log message:
www/ruby-rails52: update to 5.2.5
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
|
2021-04-11 14:43:17 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/ruby: reset PKGREVISION
Reset PKGREVISION with updates of all ruby{26,27,30}.
|
2021-04-11 14:36:28 by Takahiro Kambe | Files touched by this commit (5) | |
Log message:
lang/ruby30-base: update to 3.0.1
Ruby 3.0.1 Released (2021-04-05)
Ruby 3.0.1 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
|
2021-04-11 14:32:03 by Takahiro Kambe | Files touched by this commit (5) | |
Log message:
lang/ruby27-base: update to 2.7.3
Ruby 2.7.3 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
|
2021-04-11 14:28:38 by Takahiro Kambe | Files touched by this commit (6) | |
Log message:
lang/ruby26-base: update to 2.6.7
Ruby 2.6.7 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
WEBrick
* CVE-2021-28965: XML round-trip vulnerability in REXML
See the commit logs for details.
By this release, we end the normal maintenance phase of Ruby 2.6, and Ruby
2.6 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.6 except security fixes. The term
of the security maintenance phase is scheduled for a year. Ruby 2.6 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 2.7
or 3.0.
|