Overview

File rubygem-rails-6.0.changes of Package rubygem-rails-6.0

-------------------------------------------------------------------
Tue Nov 14 15:27:06 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>

- 6.0.6.1:



## Active Support

*   No changes.



## Active Model

*   No changes.



## Active Record

*   Make `sanitize_as_sql_comment` more strict

    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.

    This commit makes the sanitization more robust by replacing any
    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not
    be provided user input.

    [CVE-2023-22794]



## Action View

*   No changes.



## Action Pack

*   No changes.



## Active Job

*   No changes.



## Action Mailer

*   No changes.



## Action Cable

*   No changes.



## Active Storage

*   No changes.



## Action Mailbox

*   No changes.



## Action Text

*   No changes.



## Railties

*   No changes.







-------------------------------------------------------------------
Wed Jan 18 14:48:34 UTC 2023 - Alexey Svistunov <svalx@svalx.net>

- Initial package
openSUSE Build Service is sponsored by
Places