Patch #37452 (closed): Update Rails to 6.1.7
Description
The Rails team released new versions of Rails that fix the CVE-2022-32224 security issue (https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017). The updated version is not backward compatible; the application should explicitly enable permitted classes for YAML serialization:
config.active_record.yaml_column_permitted_classes: [Symbol]
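As an added illustration (not code from this patch or from Redmine), the Ruby script below shows what that setting controls. Since 6.1.6.1 Active Record restores serialized columns with Psych.safe_load and passes yaml_column_permitted_classes through as the permitted_classes allow-list, so every class that appears in the stored YAML must be listed or deserialization raises Psych::DisallowedClass. The YAML document is constructed for the example; it goes slightly beyond the [Symbol] setting quoted above by also including a Time value, the kind of value at issue in Defect #37719. The keyword form of safe_load assumes psych >= 3.1.0, the floor this issue's Ruby 2.5 note sets.

```ruby
require 'yaml'

# Constructed sample YAML, shaped like what Active Record's `serialize` stores
# for a Hash column: Symbol keys and a Time value (Rails 4.2-era dumps stored
# Time objects this way, which is the situation behind Defect #37719).
SERIALIZED_COLUMN = <<~YAML
  ---
  :comments_sorting: desc
  :saved_at: 2022-07-12 10:00:00 +00:00
YAML

# Restore a column value the way Rails >= 6.1.6.1 does: Psych.safe_load with an
# explicit allow-list (the keyword arguments need psych >= 3.1.0).
# Returns the restored object, or the Psych::DisallowedClass error when the
# document mentions a class that is not on the list.
def load_column(yaml, permitted_classes: [])
  YAML.safe_load(yaml, permitted_classes: permitted_classes)
rescue Psych::DisallowedClass => e
  e
end

# Load the same document under three allow-lists so the effect of each
# missing class is visible: [] fails on the Symbol keys, [Symbol] fails on
# the Time value, [Symbol, Time] restores the full hash.
def compare_allow_lists
  {
    none:        load_column(SERIALIZED_COLUMN),
    symbol_only: load_column(SERIALIZED_COLUMN, permitted_classes: [Symbol]),
    symbol_time: load_column(SERIALIZED_COLUMN, permitted_classes: [Symbol, Time])
  }
end

if __FILE__ == $PROGRAM_NAME
  compare_allow_lists.each do |name, result|
    shown = result.is_a?(Exception) ? "#{result.class}: #{result.message}" : result.inspect
    puts "#{name}: #{shown}"
  end
end
```

The practical consequence for an upgrade is that the allow-list has to be derived from what existing rows actually contain, not only from what the current code writes; a class that is missing surfaces as a DisallowedClass error at read time, not at migration time.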
Updated by Go MAEDA over 2 years ago
- Tracker changed from Feature to Patch
- Subject changed from Update Rails to recent versions to Update Rails to 6.1.6.1
- Category changed from Gems support to Rails support
- Target version set to 5.0.3
Updated by Go MAEDA over 2 years ago
- Copied to Patch #37465: Update Rails to 5.2.8.1 added
Updated by Go MAEDA over 2 years ago
To use Rails 6.1.6.1 on Ruby 2.5, psych must be updated to version 3.1.0 or higher. See "Rails 6.1.6.1 with Ruby 2.5 throws ArgumentError: unknown keywords: permitted_classes, aliases" (rails/rails issue #45590) for details.
Index: Gemfile
===================================================================
--- Gemfile (リビジョン 21718)
+++ Gemfile (作業コピー)
@@ -3,7 +3,7 @@
ruby '>= 2.5.0', '< 3.2.0'
gem 'bundler', '>= 1.12.0'
-gem 'rails', '6.1.6'
+gem 'rails', '6.1.6.1'
gem 'globalid', '~> 0.4.2' if Gem.ruby_version < Gem::Version.new('2.6.0')
gem 'rouge', '~> 3.28.0'
gem 'request_store', '~> 1.5.0'
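Review bot: the version bump on its own does not keep existing serialized columns loading. As the description states, 6.1.6.1 restores serialized columns through a YAML allow-list, so the `config.active_record.yaml_column_permitted_classes` setting (the description gives `[Symbol]`) has to land together with this line, otherwise Symbol-keyed hashes already stored in serialized columns fail to deserialize. That configuration is not visible in this diff; confirm it is part of the same commit, and check whether other classes present in existing rows (Time values written by older Rails, as in the related Defect #37719) need to be on the list as well.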
@@ -22,6 +22,7 @@
gem 'net-smtp', '~> 0.3.0'
gem 'net-imap', '~> 0.2.2'
gem 'net-pop', '~> 0.1.1'
+gem 'psych', '>= 3.1.0' if Gem.ruby_version < Gem::Version.new('2.6.0')
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :x64_mingw, :mswin]
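Review bot: the new psych line carries no comment explaining the pin, unlike the tzinfo-data line right after it. The `>= 3.1.0` floor exists only because Rails 6.1.6.1 calls safe_load with the `permitted_classes:` / `aliases:` keywords that older psych lacks (rails/rails#45590), and that reason is not recoverable from the Gemfile itself, so a one-line comment such as `# Rails 6.1.6.1 needs psych >= 3.1.0 for safe_load keyword arguments (rails/rails#45590)` would keep the guard from being dropped as an apparently stale pin when the Ruby 2.5 condition is removed later.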
Updated by Go MAEDA over 2 years ago
- Status changed from New to Closed
- Assignee set to Go MAEDA
Updated Rails for trunk and 5.0-stable.
Updated by Go MAEDA about 2 years ago
- Subject changed from Update Rails to 6.1.6.1 to Update Rails to 6.1.7
Updated by Go MAEDA about 2 years ago
- Related to Defect #37719: Broken serialized columns, if saved time was with Rails 4.2 added