Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,

to make it not leak length information even for variable length string. Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, and started raising `ArgumentError` in case of length mismatch of passed strings.
author: Vipul A M <vipulnsward@gmail.com> 2016-04-12 02:41:06 +0530
committer: Vipul A M <vipulnsward@gmail.com> 2017-06-07 03:45:10 +0530
commit: fa487763d98ccf9c3e66fdb44f09af5c37a50fe5 (patch)
tree: 64fdab96c6cd6c085366c2d4c3eb6a0f83e8fbd6 /activesupport/CHANGELOG.md
parent: ac8b79d553592b3c9515940b5fe5e9d3c7ec9a45 (diff)
download: rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.gz
rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.bz2
rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index fc1e5516f8..8a76e011c1 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,11 @@
+*   Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`, 
+    to make it not leak length information even for variable length string.
+    
+    Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, 
+    and started raising `ArgumentError` in case of length mismatch of passed strings.
+
+    *Vipul A M*
+    
 *   Add default option to module and class attribute accessors.
 
         mattr_accessor :settings, default: {}
author	Vipul A M <vipulnsward@gmail.com>	2016-04-12 02:41:06 +0530
committer	Vipul A M <vipulnsward@gmail.com>	2017-06-07 03:45:10 +0530
commit	fa487763d98ccf9c3e66fdb44f09af5c37a50fe5 (patch)
tree	64fdab96c6cd6c085366c2d4c3eb6a0f83e8fbd6 /activesupport/CHANGELOG.md
parent	ac8b79d553592b3c9515940b5fe5e9d3c7ec9a45 (diff)
download	rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.gz rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.bz2 rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.zip