Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rails/rails
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v6.0.6
Choose a base ref
...
head repository: rails/rails
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v6.0.6.1
Choose a head ref
  • 2 commits
  • 40 files changed
  • 1 contributor

Commits on Jan 17, 2023

  1. Make sanitize_as_sql_comment more strict 

    Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.

This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.

This also clarifies in the documentation of annotate that it should not
be provided user input.

[CVE-2023-22794]
    @jhawthorn
    jhawthorn committed Jan 17, 2023
    Configuration menu
    Copy the full SHA
    91e0722 View commit details
    Browse the repository at this point in the history

  2. Version 6.0.6.1

    @jhawthorn
    jhawthorn committed Jan 17, 2023
    Configuration menu
    Copy the full SHA
    28bb76d View commit details
    Browse the repository at this point in the history
Loading