mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update CHANGELOGs for 6.0.0.beta3 release

This commit is contained in:
John Hawthorn 2019-03-22 13:13:01 -07:00
parent f40860800c
commit 5c2d695993
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
actionview/CHANGELOG.md
View File

@ -1,6 +1,15 @@
## Rails 6.0.0.beta3 (March 11, 2019) ##
* No changes.
* Only accept formats from registered mime types
A lack of filtering on mime types could allow an a attacker to read
arbitrary files on the target server or to perform a denial of service
attack.
Fixes CVE-2019-5418
Fixes CVE-2019-5419
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
## Rails 6.0.0.beta2 (February 25, 2019) ##

12
railties/CHANGELOG.md
View File

@ -4,7 +4,17 @@
## Rails 6.0.0.beta3 (March 11, 2019) ##
* No changes.
* Generate random development secrets
A random development secret is now generated to tmp/development_secret.txt
This avoids an issue where development mode servers were vulnerable to
remote code execution.
Fixes CVE-2019-5420
*Eileen M. Uchitelle*, *Aaron Patterson*, *John Hawthorn*
## Rails 6.0.0.beta2 (February 25, 2019) ##