| field | value | date |
|---|---|---|
| author | MrBrdo <mrbrdo@gmail.com> | 2012-06-08 00:08:51 +0200 |
| committer | Jan Berdajs <mrbrdo@gmail.com> | 2012-06-14 18:10:49 +0200 |
| commit | bc7c0b5c108ef47b24bb91c502429935bb34d214 (patch) | |
| tree | 8080f11a0fa497eec595df065894f36b2db1a8af /activemodel/CHANGELOG.md | |
| parent | f278b067891b3a3e3462e92ada72e8dc5f24797b (diff) | |
| download | rails-bc7c0b5c108ef47b24bb91c502429935bb34d214.tar.gz rails-bc7c0b5c108ef47b24bb91c502429935bb34d214.tar.bz2 rails-bc7c0b5c108ef47b24bb91c502429935bb34d214.zip | |
prevent users from unknowingly using bad regexps that can compromise security (http://homakov.blogspot.co.uk/2012/05/saferweb-injects-in-various-ruby.html)
Diffstat (limited to 'activemodel/CHANGELOG.md')
-rw-r--r-- | activemodel/CHANGELOG.md | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index 5ee439fa3f..847ae7f237 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -37,6 +37,11 @@ * Trim down Active Model API by removing `valid?` and `errors.full_messages` *José Valim* +* When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide. + +## Rails 3.2.6 (Jun 12, 2012) ## + +* No changes. ## Rails 3.2.5 (Jun 1, 2012) ## |
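Review bot: the new `validates_format_of` entry in this hunk is missing the author attribution that the neighbouring entries carry (the entry just above it ends with `*José Valim*`), and it tells users that an exception will now be raised without saying what to do about it. Suggest ending the bullet with the author line in the same `*Name*` style, formatting the option as `:multiline` in backticks like the other identifiers, and adding a one-clause hint for the reader (e.g. "use `\A`/`\z` anchors, or pass `multiline: true` if matching line by line is intended") so the changelog alone is enough to act on rather than requiring a trip to the security guide; a link to that guide section would also help since the entry only names it.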