- 10 Sep, 2020 2 commits
-
-
Committed by George Claghorn
-
Committed by Jonathan Hefner
Prior to this commit, when a translation key indicated that the translation text was HTML, the value returned by `I18n.translate` would always be marked as `html_safe`. However, the value returned by `I18n.translate` could be an untrusted value directly from `options[:default]`. This commit ensures values directly from `options[:default]` are not marked as `html_safe`.
-
- 18 May, 2020 3 commits
-
-
Committed by Aaron Patterson
-
Committed by Aaron Patterson
-
Committed by Aaron Patterson
-
- 16 May, 2020 6 commits
-
-
Committed by Aaron Patterson
-
Committed by Jack McCracken
[CVE-2020-8167]
-
Committed by Jack McCracken
[CVE-2020-8166]
-
Committed by Dylan Thacker-Smith
The same value for the `raw` option should be provided for both reading and writing to avoid Marshal.load being called on untrusted data. [CVE-2020-8165]
-
Committed by Dylan Thacker-Smith
Dalli is already being used for marshalling, so we should also rely on it for unmarshalling. Since Dalli tags the cache value as marshalled it can avoid unmarshalling a raw string which might have come from an untrusted source. [CVE-2020-8165]
-
Committed by Jack McCracken
[CVE-2020-8164]
-
- 15 May, 2020 1 commit
-
-
Committed by Travis Pew
[CVE-2020-8162]
-
- 20 Mar, 2020 2 commits
-
-
Committed by Aaron Patterson
-
Committed by Aaron Patterson
This commit escapes dollar signs and backticks to prevent JS XSS issues when using the `j` or `javascript_escape` helper CVE-2020-5267
-
- 19 Dec, 2019 2 commits
-
-
Committed by Rafael Mendonça França
-
Committed by Rafael Mendonça França
The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782
-
- 27 Nov, 2019 1 commit
-
-
Committed by Rafael Mendonça França
-
- 23 Nov, 2019 12 commits
-
-
Committed by Rafael Mendonça França
-
Committed by Rafael Mendonça França
-
Committed by Rafael Mendonça França
-
Committed by Rafael Mendonça França
-
Committed by John Hawthorn
-
Committed by John Hawthorn
-
Committed by John Hawthorn
We no longer link JS by default, we need to modify manifest.js for that now.
-
Committed by John Hawthorn
-
Committed by John Hawthorn
We no longer link all js by default, so we should do this test with a css instead (we don't care about the specifics of the dir just that it's in the manifest and in this dir).
-
Committed by John Hawthorn
-
Committed by John Hawthorn
-
Committed by John Hawthorn
-
- 20 Nov, 2019 11 commits
-
-
Committed by Ryuta Kamizono
Fix Active Job Sidekiq integration tests
-
Committed by Ryuta Kamizono
Check that entire collection has been loaded before short circuiting
-
Committed by Ryuta Kamizono
Address test_statement_cache_with_in_clause failure
-
Committed by Ryuta Kamizono
-
Committed by Ryuta Kamizono
Fix "NameError: undefined local variable or method `primary' for #<ApplicationTests::ServerTest:0x000055df43b391d8>"
-
Committed by Ryuta Kamizono
Merge pull request #37489 from giraffate/fix_random_ci_failure_due_to_non-deterministic_sorting_order Fix random CI failure due to non-deterministic sorting order
-
Committed by Ryuta Kamizono
Address occasional test_pluck_columns_with_same_name failure
-
Committed by Ryuta Kamizono
Fix activestorage CI failure due to ffprobe version difference
-