Teach Hash#slice to only include keys that exist in original #289
Previously this would blow up if you asked for a key that wasn't in the original hash. This is consistent with Rails' version of Hash#slice.
Thanks.

Is a new version of the gem going to be released with this fix?

@carlosantoniodasilva When will this fix be pushed to RubyGems?

@svenfuchs rubysec/ruby-advisory-db#182

Also summoning @radar as the last person to release.

### Why

The previous version of i18n has a critical vulnerability that has been addressed in a subsequent release.

```
Name: i18n
Version: 0.7.0
Advisory: CVE-2014-10077
Criticality: Unknown
URL: ruby-i18n/i18n#289
Title: i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Solution: upgrade to >= 0.8.0
```

### What

This PR updates i18n to 0.8.0 to address this security vulnerability.

CVE-2014-10077 was assigned for this issue.

Looks to be all fixed! Wonderful :)

Not sure where to report this, but bumping to 0.8 means that Rails 4 users won't be able to get this update, because activesupport is pinned to 0.7: https://github.com/rails/rails/blob/v4.2.10/activesupport/activesupport.gemspec#L23

@ghiculescu, ...no?

yeah wow i am totally wrong, sorry, ignore me.

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS

This addresses CVE-2014-10077

For more information:
* ruby-i18n/i18n#289

* Upgrade i18n

  i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS

  This addresses CVE-2014-10077

  For more information:
  * ruby-i18n/i18n#289

* Update faker.gemspec
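
The behaviour change described in this PR, as an added Ruby example that is not code from the i18n gem: `strict_slice` and `tolerant_slice` are hypothetical stand-alone functions, and the pre-fix failure is assumed to be an exception raised on a missing key (modelled here with `Hash#fetch`). The sample hash and key list are constructed.

```ruby
# Added illustration; not the i18n gem's implementation.
# Function names and sample data are hypothetical / constructed.

# Models the pre-fix behaviour: Hash#fetch raises KeyError for an absent
# key, so a single unknown key aborts the whole call.
def strict_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) { |key, out| out[key] = hash.fetch(key) }
end

# Models the post-fix behaviour: keys missing from the original are skipped.
# Uses key? rather than a truthiness test so present-but-nil values survive.
def tolerant_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) do |key, out|
    out[key] = hash[key] if hash.key?(key)
  end
end

# Runs the block and reports its result or the exception class it raised.
def outcome
  [:ok, yield]
rescue StandardError => e
  [:raised, e.class]
end

# Constructed sample: :count is requested but absent, :scope is present with nil.
OPTIONS   = { locale: :en, scope: nil, default: "n/a" }.freeze
REQUESTED = [:locale, :scope, :count].freeze

def demo
  tolerant = tolerant_slice(OPTIONS, *REQUESTED)
  {
    strict:   outcome { strict_slice(OPTIONS, *REQUESTED) },
    tolerant: outcome { tolerant },
    # Ruby >= 2.5 ships a built-in Hash#slice that also ignores missing keys.
    builtin_agrees: !Hash.method_defined?(:slice) ||
                    OPTIONS.slice(*REQUESTED) == tolerant
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```
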