File CVE-2016-2098.patch of Package rubygem-actionview-4_2.2138
diff --git a/actionview/lib/action_view/renderer/renderer.rb b/actionview/lib/action_view/renderer/renderer.rb
index 964b183..5ba7b2b 100644
--- a/actionview/lib/action_view/renderer/renderer.rb
+++ b/actionview/lib/action_view/renderer/renderer.rb
@@ -17,6 +17,10 @@ module ActionView
# Main render entry point shared by AV and AC.
def render(context, options)
+ if options.respond_to?(:permitted?) && !options.permitted?
+ raise ArgumentError, "render parameters are not permitted"
+ end
+
if options.key?(:partial)
render_partial(context, options)
else