Active Support
- No changes.
Active Model
- No changes.
Active Record
- No changes.
Action View
- No changes.
Action Pack
-
Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903 -
Prevent catastrophic backtracking during mime parsing
CVE-2021-22902 -
Prevent regex DoS in HTTP token authentication
CVE-2021-22904 -
Prevent string polymorphic route arguments.
url_for
supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.Gannon McGibbon
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.