gems rails 5.2.6

latest releases: 8.0.0, 7.2.2, 7.1.5...
3 years ago

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Accept base64_urlsafe CSRF tokens to make forward compatible.

    Base64 strict-encoded CSRF tokens are not inherently websafe, which makes
    them difficult to deal with. For example, the common practice of sending
    the CSRF token to a browser in a client-readable cookie does not work properly
    out of the box: the value has to be url-encoded and decoded to survive transport.

    In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently
    safe to transport. Validation accepts both urlsafe tokens, and strict-encoded
    tokens for backwards compatibility.

    How the tokes are encoded is controllr by the action_controller.urlsafe_csrf_tokens
    config.

    In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded.

    Atention: If you already upgraded your application to 5.2.5, set the config
    urlsafe_csrf_tokens to true, otherwise your form submission will start to fail
    during the deploy of this new version.

    Rails.application.config.action_controller.urlsafe_csrf_tokens = true

    If you are upgrading from 5.2.4.x, you don't need to change this configuration.

    Scott Blum, Étienne Barrié

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Railties

  • No changes.

Don't miss a new rails release

NewReleases is sending notifications on new releases.