author | taca <taca@pkgsrc.org> | 2021-07-04 06:24:45 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2021-07-04 06:24:45 +0000 |
commit | af166299b187b225d2d25796f3d7a9b17fc35635 (patch) | |
tree | b60fe7b6b8cecf164d8fa7e518a165fa669ab91b /lang/ruby | |
parent | 5e96a3322f258f4cb3bcd8d88f9b69b2e78a8313 (diff) | |
download | pkgsrc-af166299b187b225d2d25796f3d7a9b17fc35635.tar.gz |
www/ruby-rails52: update to 5.2.6
Ruby on Rails 5.2.6 (2021-05-05)
There are changes in www/ruby-actionpack52 only, including a security fix.
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In this version, we generate Base64 urlsafe-encoded CSRF tokens,
which are inherently safe to transport. Validation accepts both
urlsafe tokens, and strict-encoded tokens for backwards
compatibility.
How the tokens are encoded is controlled by the
action_controller.urlsafe_csrf_tokens config.
In Rails 5.2.5, the CSRF token format was accidentally changed to
urlsafe-encoded.
Attention: If you already upgraded your application to 5.2.5, set the
config urlsafe_csrf_tokens to true, otherwise your form submission
will start to fail during the deploy of this new version.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
If you are upgrading from 5.2.4.x, you don't need to change this
configuration.
Scott Blum, Étienne Barrié
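An added illustration, not part of this commit or of Rails' own code, of the encoding difference the changelog entry above describes: a strict Base64 token is corrupted when it travels un-escaped and is form-decoded, a urlsafe token is not, and a tolerant decoder can accept both. The helper names and the constructed 32-byte sample are assumptions; the sketch covers only the encoding layer, not how Rails generates or compares tokens.

```ruby
require "uri"

# Constructed 32-byte sample token, chosen so that its strict Base64 form
# contains all three problem characters: '+', '/' and '='.
RAW = (("\xFB\xFF\xFE".b * 10) + "\xFA\xFB".b).freeze

# Strict Base64 (standard alphabet, padded, no line breaks).
def encode_strict(raw)
  [raw].pack("m0")
end

# URL-safe variant: '-' and '_' replace '+' and '/', padding dropped.
def encode_urlsafe(raw)
  encode_strict(raw).tr("+/", "-_").delete("=")
end

# Accept either encoding. Returns the raw bytes, or nil for invalid input.
def decode_either(encoded)
  s = encoded.tr("-_", "+/")
  s += "=" * ((4 - s.length % 4) % 4)   # restore dropped padding
  s.unpack1("m0")                       # "m0" raises on non-Base64 input
rescue ArgumentError
  nil
end

# What the receiver gets when a value is sent un-escaped in a form body or
# query string and then form-decoded: every '+' turns into a space.
def through_form_decoding(value)
  URI.decode_www_form_component(value)
end

if __FILE__ == $PROGRAM_NAME
  { "strict" => encode_strict(RAW), "urlsafe" => encode_urlsafe(RAW) }.each do |name, token|
    survived = decode_either(through_form_decoding(token)) == RAW
    puts "#{name}: #{token} survives un-escaped transport: #{survived}"
  end
end
```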
Diffstat (limited to 'lang/ruby')
-rw-r--r-- | lang/ruby/rails.mk | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lang/ruby/rails.mk b/lang/ruby/rails.mk index a3a8616075d..4a13d239c0e 100644 --- a/lang/ruby/rails.mk +++ b/lang/ruby/rails.mk @@ -1,4 +1,4 @@ -# $NetBSD: rails.mk,v 1.100 2021/05/08 14:08:55 taca Exp $ +# $NetBSD: rails.mk,v 1.101 2021/07/04 06:24:45 taca Exp $ .if !defined(_RUBY_RAILS_MK) _RUBY_RAILS_MK= # defined @@ -47,7 +47,7 @@ _RUBY_RAILS_MK= # defined # # current Ruby on Rails versions. # -RUBY_RAILS52_VERSION?= 5.2.5 +RUBY_RAILS52_VERSION?= 5.2.6 RUBY_RAILS60_VERSION?= 6.0.3.7 RUBY_RAILS61_VERSION?= 6.1.3.2 |
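Review bot: in the second hunk, the RUBY_RAILS52_VERSION bump from 5.2.5 to 5.2.6 carries the deployment caveat from the commit message (applications already on 5.2.5 need urlsafe_csrf_tokens set to true, otherwise form submissions fail during the deploy), but nothing in the visible change passes that on to whoever installs the package. Consider a MESSAGE file for www/ruby-actionpack52 or a short comment beside the version variable. The commit message also mentions a security fix without naming an advisory; citing it would help anyone triaging this update.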