Package: rails / 2:4.2.7.1-1+deb9u2
Metadata
| Package | Version | Patches format |
|---|---|---|
| rails | 2:4.2.7.1-1+deb9u2 | 3.0 (quilt) |
Patch series
view the series file| Patch | File delta | Description |
|---|---|---|
| 0001 Be careful with that bundler.patch | (download) |
railties/lib/rails/generators/app_base.rb |
6 2 + 4 - 0 ! |
be careful with that bundler |
| 0002 load_paths.rb don t load bundler.patch | (download) |
load_paths.rb |
4 1 + 3 - 0 ! |
load_paths.rb: don't load bundler |
| 0004 ActiveRecord adjust test suite for Debian build.patch | (download) |
activerecord/test/cases/associations/cascaded_eager_loading_test.rb |
1 1 + 0 - 0 ! |
activerecord: adjust test suite for debian build Let's fix or skkip a few tests that are broken on Debian. This is just to have minimal testing of ActiveRecord, but I should investigate deeper why the hell those tests are failing. |
| 0005 relax json.patch | (download) |
activesupport/activesupport.gemspec |
2 1 + 1 - 0 ! |
--- |
| 006 CVE 2018 16476.patch | (download) |
activejob/lib/active_job/arguments.rb |
2 1 + 1 - 0 ! |
[patch] do not deserialize globalid objects that were not generated by Active Job Trusting any GlobaID object when deserializing jobs can allow attackers to access information that should not be accessible to them. Fix CVE-2018-16476. |
| 007 CVE 2019 5418_CVE 2019 5419.patch | (download) |
actionpack/lib/action_dispatch/http/mime_negotiation.rb |
6 5 + 1 - 0 ! |
[patch] only accept formats from registered mime types [CVE-2019-5418] [CVE-2019-5419] |
| CVE 2020 5267.patch | (download) |
actionview/lib/action_view/helpers/javascript_helper.rb |
6 4 + 2 - 0 ! |
fix possible xss vector in js escape helper This commit escapes dollar signs and backticks to prevent JS XSS issues when using the `j` or `javascript_escape` helper |