Bump rails from 6.0.2.2 to 6.0.3.2
Bumps rails from 6.0.2.2 to 6.0.3.2.
Release notes
Sourced from rails's releases.
6.0.3.1
Active Support
[CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
[CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Active Model
- No changes.
Active Record
- No changes.
Action View
- [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Action Pack
[CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
[CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
... (truncated)
Commits
-
fbe2433Preparing for 6.0.3.2 release -
11052e0Update changelog -
2121b9dOnly allow ActionableErrors if show_detailed_exceptions is enabled -
34991a6Preparing for 6.0.3.1 release -
2c8fe2abumping version, updating changelog -
0ad524aupdate changelog -
47a8dc3Check that request is same-origin prior to including CSRF token in XHRs -
29aa538HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ... -
bd39a13activesupport: Deprecate Marshal.load on raw cache read in RedisCacheStore -
0a7ce52activesupport: Avoid Marshal.load on raw cache value in MemCacheStore - Additional commits viewable in compare view