
Commit 7e39912

committed
Upgraded Rails v6.1.6.1, for RCE bug with Serialized Columns in Active Record
1 parent 0d66fca commit 7e39912


2 files changed

+95
-93
lines changed


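--- a/master/Gemfile
+++ b/master/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 gem 'ffi'
 gem 'sassc-rails'
-gem 'rails', '6.1.4.4'
+gem 'rails', '6.1.6.1'
 
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'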
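Review bot: The pin to `gem 'rails', '6.1.6.1'` fixes the serialized-column issue by making Active Record load YAML columns with a safe loader by default, and this commit touches only Gemfile and Gemfile.lock, so nothing here shows the application was prepared for that behaviour change. If any model uses `serialize` with the default YAML coder to store anything beyond basic types, reading those rows will presumably raise `Psych::DisallowedClass` after deployment. The narrow remedy is to allow-list exactly the classes that are stored, for example `config.active_record.yaml_column_permitted_classes = [Symbol, Time]` (constructed example; list only what the app really stores). Setting `config.active_record.use_yaml_unsafe_load = true` would restore the unsafe deserialization this upgrade is meant to remove, so it is worth a comment beside the pin saying the version must not be lowered and the unsafe loader must stay off.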

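--- a/master/Gemfile.lock
+++ b/master/Gemfile.lock
@@ -13,60 +13,60 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
-actioncable (6.1.4.4)
-actionpack (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+actioncable (6.1.6.1)
+actionpack (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
-actionmailbox (6.1.4.4)
-actionpack (= 6.1.4.4)
-activejob (= 6.1.4.4)
-activerecord (= 6.1.4.4)
-activestorage (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+actionmailbox (6.1.6.1)
+actionpack (= 6.1.6.1)
+activejob (= 6.1.6.1)
+activerecord (= 6.1.6.1)
+activestorage (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 mail (>= 2.7.1)
-actionmailer (6.1.4.4)
-actionpack (= 6.1.4.4)
-actionview (= 6.1.4.4)
-activejob (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+actionmailer (6.1.6.1)
+actionpack (= 6.1.6.1)
+actionview (= 6.1.6.1)
+activejob (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.1.4.4)
-actionview (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+actionpack (6.1.6.1)
+actionview (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 rack (~> 2.0, >= 2.0.9)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actiontext (6.1.4.4)
-actionpack (= 6.1.4.4)
-activerecord (= 6.1.4.4)
-activestorage (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+actiontext (6.1.6.1)
+actionpack (= 6.1.6.1)
+activerecord (= 6.1.6.1)
+activestorage (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 nokogiri (>= 1.8.5)
-actionview (6.1.4.4)
-activesupport (= 6.1.4.4)
+actionview (6.1.6.1)
+activesupport (= 6.1.6.1)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.1.4.4)
-activesupport (= 6.1.4.4)
+activejob (6.1.6.1)
+activesupport (= 6.1.6.1)
 globalid (>= 0.3.6)
-activemodel (6.1.4.4)
-activesupport (= 6.1.4.4)
-activerecord (6.1.4.4)
-activemodel (= 6.1.4.4)
-activesupport (= 6.1.4.4)
-activestorage (6.1.4.4)
-actionpack (= 6.1.4.4)
-activejob (= 6.1.4.4)
-activerecord (= 6.1.4.4)
-activesupport (= 6.1.4.4)
-marcel (~> 1.0.0)
+activemodel (6.1.6.1)
+activesupport (= 6.1.6.1)
+activerecord (6.1.6.1)
+activemodel (= 6.1.6.1)
+activesupport (= 6.1.6.1)
+activestorage (6.1.6.1)
+actionpack (= 6.1.6.1)
+activejob (= 6.1.6.1)
+activerecord (= 6.1.6.1)
+activesupport (= 6.1.6.1)
+marcel (~> 1.0)
 mini_mime (>= 1.1.0)
-activesupport (6.1.4.4)
+activesupport (6.1.6.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
@@ -77,17 +77,17 @@ GEM
 akami (1.3.1)
 gyoku (>= 0.4.0)
 nokogiri
-bcrypt (3.1.16)
+bcrypt (3.1.18)
 builder (3.2.4)
-chartkick (4.1.3)
+chartkick (4.2.0)
 coffee-rails (5.0.0)
 coffee-script (>= 2.2.0)
 railties (>= 5.2.0)
 coffee-script (2.4.1)
 coffee-script-source
 execjs
 coffee-script-source (1.12.2)
-concurrent-ruby (1.1.9)
+concurrent-ruby (1.1.10)
 connection_pool (2.2.5)
 crass (1.0.6)
 daemons (1.4.1)
@@ -106,22 +106,23 @@ GEM
 globalid (1.0.0)
 activesupport (>= 5.0)
 google-analytics-rails (1.1.1)
-gyoku (1.3.1)
+gyoku (1.4.0)
 builder (>= 2.1.2)
+rexml (~> 3.0)
 hpricot (0.8.6)
 httpi (2.5.0)
 rack
 socksify
-i18n (1.9.1)
+i18n (1.12.0)
 concurrent-ruby (~> 1.0)
-jquery-rails (4.4.0)
+jquery-rails (4.5.0)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 jstree-rails-4 (3.3.8)
 libv8 (3.16.14.19-x86_64-linux)
 libv8-node (15.14.0.1-x86_64-linux)
-loofah (2.13.0)
+loofah (2.18.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
@@ -131,73 +132,74 @@ GEM
 mini_mime (1.1.2)
 mini_racer (0.4.0)
 libv8-node (~> 15.14.0.0)
-minitest (5.15.0)
+minitest (5.16.2)
 mysql2 (0.5.3)
-net-ldap (0.17.0)
+net-ldap (0.17.1)
 nio4r (2.5.8)
-nokogiri (1.13.4-x86_64-linux)
+nokogiri (1.13.7-x86_64-linux)
 racc (~> 1.4)
 nori (2.6.0)
 orm_adapter (0.5.0)
-public_suffix (4.0.6)
+public_suffix (4.0.7)
 racc (1.6.0)
-rack (2.2.3)
-rack-test (1.1.0)
-rack (>= 1.0, < 3)
-rails (6.1.4.4)
-actioncable (= 6.1.4.4)
-actionmailbox (= 6.1.4.4)
-actionmailer (= 6.1.4.4)
-actionpack (= 6.1.4.4)
-actiontext (= 6.1.4.4)
-actionview (= 6.1.4.4)
-activejob (= 6.1.4.4)
-activemodel (= 6.1.4.4)
-activerecord (= 6.1.4.4)
-activestorage (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+rack (2.2.4)
+rack-test (2.0.2)
+rack (>= 1.3)
+rails (6.1.6.1)
+actioncable (= 6.1.6.1)
+actionmailbox (= 6.1.6.1)
+actionmailer (= 6.1.6.1)
+actionpack (= 6.1.6.1)
+actiontext (= 6.1.6.1)
+actionview (= 6.1.6.1)
+activejob (= 6.1.6.1)
+activemodel (= 6.1.6.1)
+activerecord (= 6.1.6.1)
+activestorage (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 bundler (>= 1.15.0)
-railties (= 6.1.4.4)
+railties (= 6.1.6.1)
 sprockets-rails (>= 2.0.0)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
-rails-html-sanitizer (1.4.2)
+rails-html-sanitizer (1.4.3)
 loofah (~> 2.3)
-railties (6.1.4.4)
-actionpack (= 6.1.4.4)
-activesupport (= 6.1.4.4)
+railties (6.1.6.1)
+actionpack (= 6.1.6.1)
+activesupport (= 6.1.6.1)
 method_source
-rake (>= 0.13)
+rake (>= 12.2)
 thor (~> 1.0)
 rake (13.0.6)
-redis (4.5.1)
+redis (4.7.1)
 ref (2.0.0)
 responders (3.0.1)
 actionpack (>= 5.0)
 railties (>= 5.0)
-rspec (3.10.0)
-rspec-core (~> 3.10.0)
-rspec-expectations (~> 3.10.0)
-rspec-mocks (~> 3.10.0)
-rspec-core (3.10.2)
-rspec-support (~> 3.10.0)
-rspec-expectations (3.10.2)
+rexml (3.2.5)
+rspec (3.11.0)
+rspec-core (~> 3.11.0)
+rspec-expectations (~> 3.11.0)
+rspec-mocks (~> 3.11.0)
+rspec-core (3.11.0)
+rspec-support (~> 3.11.0)
+rspec-expectations (3.11.0)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.10.0)
-rspec-mocks (3.10.2)
+rspec-support (~> 3.11.0)
+rspec-mocks (3.11.1)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.10.0)
-rspec-rails (5.1.0)
+rspec-support (~> 3.11.0)
+rspec-rails (5.1.2)
 actionpack (>= 5.2)
 activesupport (>= 5.2)
 railties (>= 5.2)
 rspec-core (~> 3.10)
 rspec-expectations (~> 3.10)
 rspec-mocks (~> 3.10)
 rspec-support (~> 3.10)
-rspec-support (3.10.3)
-ruby_parser (3.18.1)
+rspec-support (3.11.0)
+ruby_parser (3.19.1)
 sexp_processor (~> 4.16)
 sassc (2.4.0)
 ffi (~> 1.9)
@@ -215,8 +217,8 @@ GEM
 nokogiri (>= 1.8.1)
 nori (~> 2.4)
 wasabi (~> 3.4)
-sexp_processor (4.16.0)
-sidekiq (6.4.0)
+sexp_processor (4.16.1)
+sidekiq (6.5.1)
 connection_pool (>= 2.2.2)
 rack (~> 2.0)
 redis (>= 4.2.0)
@@ -225,18 +227,18 @@ GEM
 simplecov-html (~> 0.11)
 simplecov_json_formatter (~> 0.1)
 simplecov-html (0.12.3)
-simplecov-rcov (0.2.3)
+simplecov-rcov (0.3.1)
 simplecov (>= 0.4.1)
-simplecov_json_formatter (0.1.3)
+simplecov_json_formatter (0.1.4)
 socksify (1.7.1)
-sprockets (4.0.2)
+sprockets (4.1.1)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
 sprockets-rails (3.4.2)
 actionpack (>= 5.2)
 activesupport (>= 5.2)
 sprockets (>= 3.0.0)
-sqlite3 (1.4.2)
+sqlite3 (1.4.4)
 sushi_fabric (1.1.8)
 therubyracer (0.12.3)
 libv8 (~> 3.16.14.15)
@@ -263,7 +265,7 @@ GEM
 yaml_db (0.7.0)
 rails (>= 3.0)
 rake (>= 0.8.7)
-zeitwerk (2.5.4)
+zeitwerk (2.6.0)
 
 PLATFORMS
 x86_64-linux
@@ -285,7 +287,7 @@ DEPENDENCIES
 mysql2 (= 0.5.3)
 nokogiri (>= 1.13.4)
 rack (>= 2.2.3)
-rails (= 6.1.4.4)
+rails (= 6.1.6.1)
 rspec
 rspec-rails
 ruby_parser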
