Hi everyone! Rails 220.127.116.11 and 18.104.22.168 have been released! These releases contain important security fixes, so please upgrade when you can.
Both releases contain the following fixes:
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
[CVE-2020-8167] CSRF Vulnerability in rails-ujs
Rails 22.214.171.124 and 126.96.36.199 are now available.
(In reply to Hans de Graaff from comment #3)
> cleanup done.
Thank you. All done!