Hi everyone! Rails 18.104.22.168 and 22.214.171.124 have been released! These releases contain important security fixes, so please upgrade when you can.
Both releases contain the following fixes:
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
[CVE-2020-8167] CSRF Vulnerability in rails-ujs
Rails 126.96.36.199 and 188.8.131.52 are now available.
(In reply to Hans de Graaff from comment #3)
> cleanup done.
Thank you. All done!