- 10 9月, 2020 2 次提交
-
-
由 George Claghorn 提交于
-
由 Jonathan Hefner 提交于
Prior to this commit, when a translation key indicated that the translation text was HTML, the value returned by `I18n.translate` would always be marked as `html_safe`. However, the value returned by `I18n.translate` could be an untrusted value directly from `options[:default]`. This commit ensures values directly from `options[:default]` are not marked as `html_safe`.
-
- 17 6月, 2020 3 次提交
-
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Rafael Mendonça França 提交于
[CVE-2020-8185]
-
- 18 5月, 2020 2 次提交
-
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
- 16 5月, 2020 6 次提交
-
-
由 Aaron Patterson 提交于
-
由 Jack McCracken 提交于
[CVE-2020-8167]
-
由 Jack McCracken 提交于
[CVE-2020-8166]
-
由 Dylan Thacker-Smith 提交于
The same value for the `raw` option should be provided for both reading and writing to avoid Marshal.load being called on untrusted data. [CVE-2020-8165]
-
由 Dylan Thacker-Smith 提交于
Dalli is already being used for marshalling, so we should also rely on it for unmarshalling. Since Dalli tags the cache value as marshalled it can avoid unmarshalling a raw string which might have come from an untrusted source. [CVE-2020-8165]
-
由 Jack McCracken 提交于
[CVE-2020-8164]
-
- 15 5月, 2020 1 次提交
-
-
由 Travis Pew 提交于
[CVE-2020-8162]
-
- 07 5月, 2020 1 次提交
-
-
由 Rafael Mendonça França 提交于
-
- 03 5月, 2020 1 次提交
-
-
由 Eugene Kenny 提交于
Allow associations to be autosaved multiple times
-
- 02 5月, 2020 2 次提交
-
-
由 Rafael Mendonça França 提交于
-
由 Rafael Mendonça França 提交于
-
- 01 5月, 2020 1 次提交
-
-
由 Ryuta Kamizono 提交于
Relying on the `Arel::Table.engine` is convenient if an app have only a single kind of database, but if not so, the global state is not always the same with the current connection.
-
- 29 4月, 2020 1 次提交
-
-
由 Xavier Noria 提交于
-
- 27 4月, 2020 1 次提交
-
-
由 Abhay Nikam 提交于
-
- 25 4月, 2020 2 次提交
-
-
由 Xavier Noria 提交于
-
由 William Carey 提交于
Closes #37701.
-
- 23 4月, 2020 1 次提交
-
-
由 Eugene Kenny 提交于
Reject hexadecimal numbers with signs while validating numericality
-
- 21 4月, 2020 1 次提交
-
-
由 Eugene Kenny 提交于
Use __id__ to dedup records for transactional callbacks
-
- 19 4月, 2020 1 次提交
-
-
由 Eugene Kenny 提交于
Fix random CI fail due to cross-second time delay
-
- 17 4月, 2020 4 次提交
-
-
由 Ryuta Kamizono 提交于
Follow up to 404e1a0a.
-
由 Ryuta Kamizono 提交于
Skip insert all tests when features are unavailable
-
由 Eugene Kenny 提交于
Don't gitignore tmp/pids/.keep
- 16 4月, 2020 1 次提交
-
-
由 Ryuta Kamizono 提交于
Fix unscoping association scope on joins not to raise an error
-
- 14 4月, 2020 3 次提交
-
-
由 Eugene Kenny 提交于
Followup to e7514dc6.
-
由 Rafael França 提交于
Ignore Errno::ENOTEMPTY when calling AS::Cache::FileStore#clear with race conditions
-
由 Rafael França 提交于
Load XML Builder if it is not available
-
- 13 4月, 2020 2 次提交
-
-
由 Eugene Kenny 提交于
Followup to b94efe9f.
-
由 Rafael França 提交于
activerecord: Allow comment prefix in queries when preventing writes
-
- 12 4月, 2020 1 次提交
-
-
由 Ryuta Kamizono 提交于
Allow extra scoping in callbacks when create on association relation
-
- 11 4月, 2020 1 次提交
-
-
由 eileencodes 提交于
The database kwarg is deprecated in 6.1 and will be removed in 6.2. It has caused a lot of confusion and is dangerous to use in requests. Even though docs recommended against use in requests, the majority of bug reports to Rails regarding `connected_to` are related to this feature. Since it's not an adequate replacement for sharding support we're removing it. If you need shard support please use Rails 6.1 and the shard kwarg.
-
- 09 4月, 2020 1 次提交
-
-
由 Rafael Mendonça França 提交于
While using perform_enqueued_jobs enqueued jobs must be stored as well
-
- 08 4月, 2020 1 次提交
-
-
由 Eugene Kenny 提交于
Adding a route for Mandrill's url check.
-