- Jan 25, 2023
-
-
John Hawthorn authored
Fix cookie domain for `domain: all` on two letter single level TLD
- Jan 17, 2023
-
-
John Hawthorn authored
Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794]
-
John Hawthorn authored
[CVE-2023-22795]
-
John Hawthorn authored
[CVE-2023-22796]
-
sabulikia authored
[CVE-2023-22792]
-
wonda-tea-coffee authored
Disallow certain strings from `_url_host_allowed?` to avoid a redirect to malicious sites. [CVE-2023-22797]
-
Zack Deveau authored
Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566]
- Sep 09, 2022
-
-
John Hawthorn authored
Fix ServerTiming in Threads, use single subscriber
- Sep 08, 2022
-
-
Rafael Mendonça França authored
This reverts commit 31925f55. This was causing tags to leak to the broadcast logger when `tagged` without a block is used. Fix #45854.
-
- Sep 06, 2022
-
-
John Hawthorn authored
Fix eql? of AC::Parameters to match hash
-
Jean Boussier authored
Fixes ActiveStorage proxy downloads of files over 5mb in S3-like storages
-
- Sep 02, 2022
-
-
Ryuta Kamizono authored
Fix typo in "Configuring Rails Applications" guide [ci-skip]
-
Jean Boussier authored
Add missing documentation for Rails.error
-
- Sep 01, 2022
-
-
Rafael Mendonça França authored
Make internal links to `errors` in the Active Record Validations guide
-
- Aug 30, 2022
-
-
Yasuo Honda authored
Lock que version to v1 until #45899 is resolved
-
Yasuo Honda authored
Backport #45851
-
John Hawthorn authored
Install specific version of codespell
-
- Aug 29, 2022
-
-
Ryuta Kamizono authored
-
- Aug 24, 2022
-
-
Aaron Patterson authored
Stop gap solution for long output on test cases
-
Jean Boussier authored
Fixes #45868 by Using #to_hash to serialize `AS::HWIA` for stored attributes
-
- Aug 23, 2022
-
-
Jean Boussier authored
Backport Redis 5.0 compatibility (7-0-stable)
-
Jean Boussier authored
Redis 3.0 compatibility is preserved in Action Cable. Redis 4.0 compatibility is preserved in Active Support.
-
fatkodima authored
-
- Aug 19, 2022
-
-
Jean Boussier authored
Replace MutexHook by MonitorHook to allow reentrancy
-
- Aug 10, 2022
-
-
Rafael Mendonça França authored
Fix actiontext js not pointing to compiled file
-
- Aug 09, 2022
-
-
Jonathan Hefner authored
This makes "Connection Pool Options" a subsection of "Configuration", instead of a subsection of "ActiveSupport::Cache::Store". This also makes "Custom Cache Stores" its own section after all of the built-in stores, instead of a subsection of "ActiveSupport::Cache::Store". (cherry picked from commit 0c97d1db)
-
Jonathan Hefner authored
(cherry picked from commit 2e9efbb7)
-
Jonathan Hefner authored
(cherry picked from commit 7563be4d)
-
Jonathan Hefner authored
(cherry picked from commit 7e884e29)
-
Jonathan Hefner authored
(cherry picked from commit a95438ca)
-
Jonathan Hefner authored
(cherry picked from commit fc7225af)
-
Jonathan Hefner authored
(cherry picked from commit b55f079f)
-
Jonathan Hefner authored
(cherry picked from commit dce8b7fe)
-
Jonathan Hefner authored
(cherry picked from commit 992ead1d)
-
Jonathan Hefner authored
(cherry picked from commit 6e94889b)
-
Jonathan Hefner authored
(cherry picked from commit 32c169d0)
-
Jonathan Hefner authored
(cherry picked from commit b13107fe)
-