Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Framework Security Patch #2639

Merged
merged 1 commit into from
Oct 16, 2024
Merged

Framework Security Patch #2639

merged 1 commit into from
Oct 16, 2024

Conversation

pglombardo
Copy link
Owner

@pglombardo pglombardo commented Oct 16, 2024

Description

Here is a list of security issues that this release address:

  1. CVE-2024-47887 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
  2. CVE-2024-41128 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
  3. CVE-2024-47888 Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
  4. CVE-2024-47889 Possible ReDoS vulnerability in block_format in Action Mailer

Related Issue

Type of Change

  • 📚 Examples / docs / tutorials / dependencies update
  • 🔧 Bug fix (non-breaking change which fixes an issue)
  • 🥂 Improvement (non-breaking change which improves an existing feature)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to change)
  • 🔐 Security fix

Checklist

  • I've written tests (if applicable) for all new methods and classes that I created. (rake test)
  • I've added documentation as necessary so users can easily use and understand this feature/fix.

@pglombardo pglombardo merged commit 630ad36 into master Oct 16, 2024
5 checks passed
@pglombardo pglombardo deleted the framework-upgrade branch October 16, 2024 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant