diff options
| author | Ryuta Kamizono <kamipo@gmail.com> | 2019-02-18 15:27:23 +0900 |
|---|---|---|
| committer | Ryuta Kamizono <kamipo@gmail.com> | 2019-02-18 16:57:10 +0900 |
| commit | b09d8f6bb3a23cd907d084103fb5b4c02479a39b (patch) | |
| tree | 150e5356911c2cb1e4576a9190d1269e268f7145 /activerecord/CHANGELOG.md | |
| parent | 4ea067017ae52d4a74335ed85df085a86663d213 (diff) | |
| download | rails-b09d8f6bb3a23cd907d084103fb5b4c02479a39b.tar.gz rails-b09d8f6bb3a23cd907d084103fb5b4c02479a39b.tar.bz2 rails-b09d8f6bb3a23cd907d084103fb5b4c02479a39b.zip | |
Don't allow `where` with invalid value matches to nil values
That is considered as silently leaking information.
If type casting doesn't return any actual value, it should not be
matched to any record.
Fixes #33624.
Closes #33946.
Diffstat (limited to 'activerecord/CHANGELOG.md')
| -rw-r--r-- | activerecord/CHANGELOG.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 8d8aa89368..c1ce01c312 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,9 @@ +* Don't allow `where` with invalid value matches to nil values. + + Fixes #33624. + + *Ryuta Kamizono* + * SQLite3: Implement `add_foreign_key` and `remove_foreign_key`. *Ryuta Kamizono* |