Path to this page:
Subject: CVS commit: pkgsrc/devel/ruby-activejob51
From: Takahiro Kambe
Date: 2018-11-29 15:15:16
Message id: 20181129141516.F279BFB1F@cvs.NetBSD.org
Log Message:
devel/ruby-activejob51: update to 5.1.6.1
## Rails 5.1.6.1 (November 27, 2018) ##
* Do not deserialize GlobalID objects that were not generated by Active Job.
Trusting any GlobaID object when deserializing jobs can allow attackers to access
information that should not be accessible to them.
Fix CVE-2018-16476.
*Rafael Mendonça França*
Files: