fd2f1b0380
2.3.14: Security fix: The quote_table_name method in the ActiveRecord adapaters for Ruby on Rails were initially created solely for the purpose of escaping reserved words encountered in table names. However over time 3rd party libraries, and rails itself, grew to rely on those functions as a way to sanitize potentially malicious user input. As a result these functions need to be hardened to manage malicious input rather than assuming they're being passed benign values generated by rails itself. |
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||