From fad3abb6b8a128a440195c3f362c48e6e8791f20 Mon Sep 17 00:00:00 2001
From: Denis Talakevich
Date: Tue, 10 Dec 2019 21:24:31 +0200
Subject: [PATCH 1/2] fix import preview
* fix policy
* fix redirect
---
 app/policies/role_policy.rb | 3 +++
 lib/resource_dsl/acts_as_import_preview.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/policies/role_policy.rb b/app/policies/role_policy.rb
index 3eebd8191..512c93fda 100644
--- a/app/policies/role_policy.rb
+++ b/app/policies/role_policy.rb
@@ -40,6 +40,9 @@ def perform?
 alias_rule :import?, to: :perform? # ActiveAdminImport::Auth::IMPORT
 alias_rule :do_import?, to: :import? # active_admin_import
+ alias_rule :batch_insert?, :batch_replace?, :batch_update?, :delete_all?, to: :perform?
+
 private # action could be one of [:read, :change, :remove, :perform]
diff --git a/lib/resource_dsl/acts_as_import_preview.rb b/lib/resource_dsl/acts_as_import_preview.rb
index 2c02ab8c4..1cb4e221c 100644
--- a/lib/resource_dsl/acts_as_import_preview.rb
+++ b/lib/resource_dsl/acts_as_import_preview.rb
@@ -15,7 +15,7 @@ def acts_as_import_preview
 scope :for_update
 redirect_proc = proc do
- active_admin_config.namespace.resource_for(config.resource_class.import_class).route_collection_path
+ active_admin_config.namespace.resource_for(active_admin_config.resource_class.import_class).route_collection_path
 end
 acts_as_import_resource_class = config.resource_class
From b61d770cd5d22bdae2c0f48ce2c5ee37ebaa7af1 Mon Sep 17 00:00:00 2001
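Review bot: `delete_all?` is now granted by `:perform?`, the same rule that backs `import?`, although the comment in the private section just below lists `:remove` as a separate action; whether wiping the import-preview rows is meant to be an import-level permission rather than a remove-level one is not stated anywhere in the hunk. If it is intentional (these presumably are the active_admin_import preview batch actions, like the two aliases above), record that on the new line, e.g. `# import-preview batch actions (active_admin_import): gated by the same permission as import?`; otherwise `delete_all?` should go through whichever rule corresponds to the `:remove` action. Note the collapsed `+` markers in this hunk: the added span appears to be three lines, and the `to: :perform?` continuation and the blank line should each carry their own marker. The class holding these rules starts and ends outside the hunk.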
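Review bot: Inside `redirect_proc` the class is now read from `active_admin_config.resource_class`, while the context line two lines below still reads `config.resource_class`; nothing in the hunk says why the two differ, so a later "consistency" cleanup could unify them and reintroduce the redirect bug this commit fixes. Presumably the proc is evaluated later, inside the controller, where `config` is not the DSL-time object — if so, a comment on the proc would pin that down: `# evaluated at request time in the controller: use active_admin_config, not the DSL-level config`. `acts_as_import_preview` starts before and ends after the hunk.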
From: Denis Talakevich
Date: Wed, 11 Dec 2019 09:55:43 +0200
Subject: [PATCH 2/2] fix vulnerabilities loofah nokogiri puma in 1.9
Name: loofah
Version: 2.2.3
Advisory: CVE-2019-15587
Criticality: Unknown
URL: https://github.com/flavorjones/loofah/issues/171
Title: Loofah XSS Vulnerability
Solution: upgrade to >= 2.3.1
Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5
Name: puma
Version: 3.12.1
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Title: Keepalive thread overload/DoS in puma
Solution: upgrade to ~> 3.12.2, >= 4.3.1
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 22e8dab1f..e5e3237b2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -228,7 +228,7 @@ GEM
 concurrent-ruby (1.1.4)
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
- crass (1.0.4)
+ crass (1.0.5)
 d3-rails (3.5.2)
 railties (>= 3.1)
 daemons (1.2.6)
@@ -321,7 +321,7 @@ GEM
 addressable (~> 2.3)
 libv8 (3.16.14.19)
 locale (2.1.2)
- loofah (2.2.3)
+ loofah (2.4.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
@@ -340,7 +340,7 @@ GEM
 net_tcp_client (2.0.1)
 netstring (0.0.3)
 nio4r (2.3.1)
- nokogiri (1.10.4)
+ nokogiri (1.10.7)
 mini_portile2 (~> 2.4.0)
 oj (2.18.5)
 orm_adapter (0.5.0)
@@ -355,7 +355,7 @@ GEM
 pg (1.0.0)
 powerpack (0.1.2)
 public_suffix (3.0.3)
- puma (3.12.1)
+ puma (3.12.2)
 puma_worker_killer (0.1.0)
 get_process_mem (~> 0.2)
 puma (>= 2.7, < 4)