crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates
Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.
Thanks to Guido Vranken for reporting this.
This is CVE-2022-23806 and https://go.dev/issue/50974.
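The range check that the IsOnCurve fix implies, as an added example (not code from the Go project): coordinates built directly as big.Int values are rejected unless they lie in [0, P), and only then tested against the curve. The helper name checkPoint and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"crypto/elliptic"
	"errors"
	"fmt"
	"math/big"
)

// checkPoint is a hypothetical helper (not part of crypto/elliptic). It rejects
// coordinates outside [0, P) before asking the curve whether the point is valid.
func checkPoint(curve elliptic.Curve, x, y *big.Int) error {
	if x == nil || y == nil {
		return errors.New("nil coordinate")
	}
	p := curve.Params().P
	for _, c := range []*big.Int{x, y} {
		if c.Sign() < 0 {
			return errors.New("negative coordinate")
		}
		if c.Cmp(p) >= 0 {
			return errors.New("overflowing coordinate")
		}
	}
	if !curve.IsOnCurve(x, y) {
		return errors.New("point not on curve")
	}
	return nil
}

func main() {
	curve := elliptic.P256()
	params := curve.Params()
	// Constructed inputs: the base point, and the same point with x shifted by
	// -P and +P. The shifted values are congruent to Gx modulo P, so they
	// satisfy the curve equation, yet they are not valid field elements.
	cases := []struct {
		name string
		x, y *big.Int
	}{
		{"base point", params.Gx, params.Gy},
		{"x - P (negative)", new(big.Int).Sub(params.Gx, params.P), params.Gy},
		{"x + P (overflowing)", new(big.Int).Add(params.Gx, params.P), params.Gy},
	}
	for _, c := range cases {
		fmt.Printf("%-20s %v\n", c.name, checkPoint(curve, c.x, c.y))
	}
}
```

Points obtained from Unmarshal do not need this check, since the advisory states Unmarshal never returns such values.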
math/big: prevent large memory consumption in Rat.SetString
An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.
Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke
(@odeke_et) for reporting it.
This is CVE-2022-23772 and Go issue https://go.dev/issue/50699.
cmd/go: prevent branches from materializing into versions
A branch whose name resembles a version tag (such as "v1.0.0" or "subdir/v2.0.0-dev")
can be considered a valid version by the go command. Materializing versions from
branches might be unexpected and bypass ACLs that limit the creation of tags but not
branches.
This is CVE-2022-23773 and Go issue https://go.dev/issue/35671.
0.9.8.1
- Fix generic sourceforge PackageURL generation
0.9.8
- Do not create a generic PackageURL for URLs without a path in url2purl
- Use project name as the Package name when creating generic sourceforge PackageURLs
- Update PyPI route pattern in url2purl to handle different file name formats
- Create generic PackageURL for code.google.com archive URLs
- Capture more download types for bitbucket URLs
Changes between 1.0.19 and 1.0.20
Some improvements to reading command-line options and Makefile
portability. Support for Windows configurations, thanks Rafael Kitover; and for
Octopus git/merge thanks Kiyoshi Ohgishi.
4.2.4 (2021-12-27)
Improvements
* spec_helper: drop require_relative to lib directory (#1306)
* Fix build error with Ruby 3.1 on macOS (#1313)
Bug Fixes
* remove Mutex in trace_proc= (#1303)
* channel_mean_spec: fix floating point comparison (#1307)
* changed_predicate_spec: ensure target directory exists (#1305)
* Doc: Fix documentation of Magick::Image#crop (#1311)
* Magick::UndefinedKernel should also not be used when creating a new
KernelInfo. (#1312)
1.125.0 (2022-01-20)
What's Changed
* Wompi: add gateway by @therufs in #4173
* Stripe Payment Intents: Add setup_purchase by @aenand in #4178
* IPG: Add Gateway by @ajawadmirza in #4171
* Safe Charge: Add sg_NotUseCVV field by @ajawadmirza in #4177
* PayU Latam: send correct card types for maestro and condensa by @dsmcclain
in #4182
* Stripe Payment Intents: refactor response by @aenand in #4183
* Safe Charge: Support string for Add sg_NotUseCVV field by @ajawadmirza in
#4185
* Wompi: cast error messages to JSON by @therufs in #4186
* NMI: omit initial_transaction_id for CIT by @aenand in #4189
* Adding Priority gateway by @jessiagee in #4166
* GlobalCollect: Support for Lodging Data by @naashton in #4190
* Wompi: option for installments by @therufs in #4192
* Stripe Payment Intents: Add support for fulfillment_date and event_type by
@dsmcclain in #4193
* Paysafe: Adjust logic for sending 3DS field by @meagabeth in #4194
* DLocal: Implement $0 Verify by @dsmcclain in #4184
* EBANX: Added processing_type Gateway Specific Field by @kledoux-spreedly
in #4198
* Wompi: do not pass CVV if not provided by @therufs in #4199
* Paysafe: Concatenate credentials for headers by @meagabeth in #4201
* Stripe PI: add_metadata to setup_purchase by @aenand in #4202
* Element (Vantiv Express): Add support for CreditCardCredit action by
@dsmcclain in #4203
* Orbital: Add googlepay payment tests by @ajawadmirza in #4205
* Mundipagg: Update success method by @ajawadmirza in #4210
* Worldpay: Add support for Visa Direct Fast Funds Credit by @dsmcclain in
#4212
* Paysafe: Add support for stored credentials by @meagabeth in #4214
* Add Canadian institution number for check by @therufs in #4216
* Worldpay: Set default eCommerce indicator for EMVCO network tokens by
@shasum in #4215
* Update Canadian institution number handling by @therufs in #4217
* Mercado Pago: Update verify for custom amount by @ajawadmirza in #4219
* Wompi: Add support for Auth and Capture by @rachelkirk in #4218
* Priority: update source and billing address checks by @jessiagee in #4220
* Revert "Remove YAML warning on load_fixtures_method" by @dsmcclain in
#4229
* USAePay: Add store test, update authorize param by @jessiagee in #4232
* Orbital: Update google pay validations by @ajawadmirza in #4230
* Priority: Remove bank account tender type by @jessiagee in #4228
* Pin Payments: add void support by @montdidier in #4144
* Wompi: update authorization in capture by @rachelkirk in #4238
* IPG: Update authorization for store by @ajawadmirza in #4233
* Paymentez: Update card mappings by @ajawadmirza in #4237
* Orbital: Quick fix for brand correction by @ajawadmirza in #4242
* Priority: Cleaning up refund method by @jessiagee in #4240
* Priority: update parsing for error messages by @jessiagee in #4245
* GlobalCollect: Support Airline Data by @naashton in #4187
* IPG: Add store error response by @ajawadmirza in #4241
* Adds Multiple Item Codes and Amounts to Cashnet Gateway by @peteroas in
#4243
* IPG: verify method bug fixes for core by @ajawadmirza in #4244
* Stripe: Add support for skip_radar_rules by @dsmcclain in #4250
* CyberSource: Add tax fields by @ajawadmirza in #4251
* Kushki: Add support for metadata by @rachelkirk in #4253
* Wompi: Update sandbox and production endpoints by @rachelkirk in #4255
* Orbital: Add SCA Merchant Initiated field by @ajawadmirza in #4256
* GlobalCollect: Update Production Endpoint by @naashton in #4196
* Decidir Plus: Add Gateway Adapter by @naashton in #4264
* Decidir Plus: Update payment reference by @naashton in #4271
* Paysafe: Update redact method by @meagabeth in #4269
* Elavon: third_party_token bug fix by @rachelkirk in #4273
* Add metadata to network_tokenization_credit_card by @mark-sim in #4270
* Decidir Plus: Sub Payment Fields by @naashton in #4274
* PayWay: Update endpoints and response code by @jessiagee in #4281
New Contributors
* @kledoux-spreedly made their first contribution in #4198
* @peteroas made their first contribution in #4243
* @mark-sim made their first contribution in #4270
I forgot to mention these changes.
2.5.3 (2021-12-30)
* The change introduced in 2.5.2 implied a performance regression that
was particularly dramatic in Ruby 3.1. We'll address #198 in a
different way.
2.5.2 (2021-12-27)
* When Module#autoload triggers the autovivification of an implicit
namespace, $LOADED_FEATURES now gets the corresponding directory
pushed. This is just a tweak to Zeitwerk's Kernel#require
decoration. That way it acts more like the original, and cooperates
better with other potential Kernel#require wrappers, like
Bootsnap's.
2.5.4 (2022-01-28)
* If a file did not define the expected constant, there was a reload, and
there were on_unload callbacks, Zeitwerk still tried to access the
constant during reload, which raised. This has been corrected.
Quote from commit logs.
1.29.1 (2021-05-20)
* Reraise the same exception object for exceptions with additional methods.
1.30.0 (2021-12-27)
* Fix for upcoming ruby 3.1.0.
1.31.0 (2022-01-07)
* Add small LRU cache implementation.
1.2.0 (2022-01-04)
What's Changed
* Support Thor::CoreExt::HashWithIndifferentAccess#except for Rails 6.0 by
@koic in #734
* The klass parameter 'inject_into_class' should be given a string
type.(also inject_into_module) by @ratovia in #752
* Added Shell::Basic#say_error by @postmodern in #750
* Check for duplicate content in relevant section when inserting into files
by @excid3 in #735
* Loaded the directory under tasks. by @Mitsuru53 in #747
* Update Thor::Actions#inside to return the value yielded by the block by
@jordan-brough in #712
* remove_file should unlink broken symlinks by @2called-chaos in #720
* Use string interpolation for trailing whitespace by @jonathanhefner in #730
* Indent multiline messages in say_status by @jonathanhefner in #714
* Allow leading hyphen in switch values when specified with = by @univerio
in #737
* Fix for #707 by @scambra in #708
* Support latest did_you_mean by @deivid-rodriguez in #761
New Contributors
* @ratovia made their first contribution in #752
* @excid3 made their first contribution in #735
* @Mitsuru53 made their first contribution in #747
* @jordan-brough made their first contribution in #712
* @2called-chaos made their first contribution in #720
* @univerio made their first contribution in #737
* @scambra made their first contribution in #708
1.2.1 (2022-01-04)
What's Changed
* Fix regressions with insert_into_file
5.1.0 (2021-12-22)
Bug fixes
* Fix the undefined method error for non rails project due to use of many? -
method from ActiveSupport. (#1459)
Features
* Add array option support for have db column matcher. (#1465)
* Add enum attributes support for validate_absence_of matcher. (#1464)
0.5.0 (2022-01-04)
Added
* Added support to read outside error count returned from XML formatter (#86)
Changed
* Moved to GitHub Actions for CI
* Test on current Ruby and RSpec versions
0.5.1 (2022-01-06)
Fixed
* Fixed compatibility with older rubies
5.0.3 (2022-01-26)
Bug Fixes:
* Properly name params in controller and request spec templates when using
the --model-name parameter. (@kenzo-tanaka, #2534)
* Fix parameter matching with mail delivery job and
ActionMailer::MailDeliveryJob. (Fabio Napoleoni, #2516, #2546)
* Fix Rails 7 have_enqueued_mail compatibility (Mikael Henriksson, #2537,
#2546)
5.1.0 (2022-01-26)
Enhancements:
* Make the API request scaffold template more consistent and compatible with
Rails 6.1. (Naoto Hamada, #2484)
* Change the scaffold rails_helper.rb template to use require_relative. (Jon
Dufresne, #2528)
3.11.0 (2022-02-09)
Enhancements:
* Return true from aggregate_failures when no exception occurs. (Jon Rowe,
#1225)
Deprecations:
* Print a deprecation message when using the implicit block expectation
syntax. (Phil Pirozhkov, #1139)
3.11.0 (2022-02-09)
Enhancements:
* Improve pluralisation of words ending with s (like process). (Joshua
Pinter, #2779)
* Add ordering by file modification time (most recent first). (Matheus
Richard, #2778)
* Add to_s to reserved names for #let and #subject. (Nick Flückiger, #2886)
* Introduce RSpec.current_scope to expose the current scope in which RSpec
is executing. e.g. :before_example_hook, :example etc. (@odinhb, #2895)
* Add named bold colours as options for custom colours. (#2913, #2914)
* Warn when (but not prevent) a SystemExit occurs. (Jared Beck, #2926)
No change log or release notes; here are quotes from the commit logs.
0.2.8 (2022-02-07)
* Fix wrong number of arguments (given 1, expected 0) (ArgumentError)
* Make id optional
1.4.7 (2022-01-16)
Improvements
* Added support for RubyInstaller2 3.1 or later.
[Reported by golirev][GitHub:ruby-gnome/ruby-gnome#1457]
Thanks
* golirev
1.1.3 (2022-01-18)
Fixes
* Fixed wrong package install on Windows.
1.1.2 (2022-01-18)
Improvements
* Changed priority for Homebrew on Linux. System package manager is preferred.
* Improved OpenSuSE detection.
* Added support for Ruby 3.1 based RubyInstaller.
1.4.3 (2022-01-20)
* Optimize serialization/deserialization of Symbols
* Support registering ext types for objects of subclasses of primitive types
(like Hash)
* Add optimized_symbols_parsing option to Factory#register_type on MRI
implementation
* Optimize to deduplicate Hash keys on JRuby
* Support JRuby 9.3 (and drop 9.1)
1.4.4 (2022-01-22)
* Specify the build option --platform=8 for older Java platforms