Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the helper doesn't correctly handle malformed html. As a result an attacker can execute arbitrary javascript through the use of specially crafted malformed html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. Vulnerable code will look something like this:

      select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*
This commit is contained in:
parent
8723af9fe2
commit
8f099d3a77
1 changed files with 4 additions and 4 deletions
|
@ -1,5 +1,5 @@
|
|||
$NetBSD: distinfo,v 1.6 2012/07/31 12:38:13 taca Exp $
|
||||
$NetBSD: distinfo,v 1.7 2012/08/12 10:34:38 taca Exp $
|
||||
|
||||
SHA1 (actionpack-3.1.7.gem) = d6d7d99e6b4c30f80ca5a1d321f44aefeb5583cf
|
||||
RMD160 (actionpack-3.1.7.gem) = b49e3389c06c965c43aeb3a18893bcd44bd5797b
|
||||
Size (actionpack-3.1.7.gem) = 367616 bytes
|
||||
SHA1 (actionpack-3.1.8.gem) = 20d22f75b553e897808269ad308405570d2c874b
|
||||
RMD160 (actionpack-3.1.8.gem) = 9343ed89627b3a9dd6d4eca3d82a9d66fae09853
|
||||
Size (actionpack-3.1.8.gem) = 368128 bytes
|
||||
|
|
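Review bot: the new actionpack-3.1.8.gem entries record only SHA1 and RMD160 digests plus the size, the same set the 3.1.7 lines had. Since this update is pulled in for two XSS fixes, confirm the three values against a freshly fetched copy of the gem from the upstream source before committing, and record a stronger digest alongside them if the distinfo format in use allows one. The size moving from 367616 to 368128 bytes is consistent with a patch-level release.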