Version 7.0.4.1

Gemfile.lock

@@ -24,88 +24,88 @@ GIT
 PATH
  remote: .
  specs:
- actioncable (7.0.4)
- actionpack (= 7.0.4)
- activesupport (= 7.0.4)
+ actioncable (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  nio4r (~> 2.0)
  websocket-driver (>= 0.6.1)
- actionmailbox (7.0.4)
- actionpack (= 7.0.4)
- activejob (= 7.0.4)
- activerecord (= 7.0.4)
- activestorage (= 7.0.4)
- activesupport (= 7.0.4)
+ actionmailbox (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ activejob (= 7.0.4.1)
+ activerecord (= 7.0.4.1)
+ activestorage (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  mail (>= 2.7.1)
  net-imap
  net-pop
  net-smtp
- actionmailer (7.0.4)
- actionpack (= 7.0.4)
- actionview (= 7.0.4)
- activejob (= 7.0.4)
- activesupport (= 7.0.4)
+ actionmailer (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ actionview (= 7.0.4.1)
+ activejob (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  mail (~> 2.5, >= 2.5.4)
  net-imap
  net-pop
  net-smtp
  rails-dom-testing (~> 2.0)
- actionpack (7.0.4)
- actionview (= 7.0.4)
- activesupport (= 7.0.4)
+ actionpack (7.0.4.1)
+ actionview (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  rack (~> 2.0, >= 2.2.0)
  rack-test (>= 0.6.3)
  rails-dom-testing (~> 2.0)
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (7.0.4)
- actionpack (= 7.0.4)
- activerecord (= 7.0.4)
- activestorage (= 7.0.4)
- activesupport (= 7.0.4)
+ actiontext (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ activerecord (= 7.0.4.1)
+ activestorage (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  globalid (>= 0.6.0)
  nokogiri (>= 1.8.5)
- actionview (7.0.4)
- activesupport (= 7.0.4)
+ actionview (7.0.4.1)
+ activesupport (= 7.0.4.1)
  builder (~> 3.1)
  erubi (~> 1.4)
  rails-dom-testing (~> 2.0)
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (7.0.4)
- activesupport (= 7.0.4)
+ activejob (7.0.4.1)
+ activesupport (= 7.0.4.1)
  globalid (>= 0.3.6)
- activemodel (7.0.4)
- activesupport (= 7.0.4)
- activerecord (7.0.4)
- activemodel (= 7.0.4)
- activesupport (= 7.0.4)
- activestorage (7.0.4)
- actionpack (= 7.0.4)
- activejob (= 7.0.4)
- activerecord (= 7.0.4)
- activesupport (= 7.0.4)
+ activemodel (7.0.4.1)
+ activesupport (= 7.0.4.1)
+ activerecord (7.0.4.1)
+ activemodel (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
+ activestorage (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ activejob (= 7.0.4.1)
+ activerecord (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  marcel (~> 1.0)
  mini_mime (>= 1.1.0)
- activesupport (7.0.4)
+ activesupport (7.0.4.1)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
  tzinfo (~> 2.0)
- rails (7.0.4)
- actioncable (= 7.0.4)
- actionmailbox (= 7.0.4)
- actionmailer (= 7.0.4)
- actionpack (= 7.0.4)
- actiontext (= 7.0.4)
- actionview (= 7.0.4)
- activejob (= 7.0.4)
- activemodel (= 7.0.4)
- activerecord (= 7.0.4)
- activestorage (= 7.0.4)
- activesupport (= 7.0.4)
+ rails (7.0.4.1)
+ actioncable (= 7.0.4.1)
+ actionmailbox (= 7.0.4.1)
+ actionmailer (= 7.0.4.1)
+ actionpack (= 7.0.4.1)
+ actiontext (= 7.0.4.1)
+ actionview (= 7.0.4.1)
+ activejob (= 7.0.4.1)
+ activemodel (= 7.0.4.1)
+ activerecord (= 7.0.4.1)
+ activestorage (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  bundler (>= 1.15.0)
- railties (= 7.0.4)
- railties (7.0.4)
- actionpack (= 7.0.4)
- activesupport (= 7.0.4)
+ railties (= 7.0.4.1)
+ railties (7.0.4.1)
+ actionpack (= 7.0.4.1)
+ activesupport (= 7.0.4.1)
  method_source
  rake (>= 12.2)
  thor (~> 1.0)
@@ -197,6 +197,7 @@ GEM
  daemons (1.4.1)
  dalli (3.2.0)
  dante (0.2.0)
+ date (3.3.3)
  debug (1.4.0)
  irb (>= 1.3.6)
  reline (>= 0.2.7)
@@ -206,7 +207,6 @@ GEM
  delayed_job_active_record (4.1.6)
  activerecord (>= 3.0, < 6.2)
  delayed_job (>= 3.0, < 5)
- digest (3.1.0)
  digest-crc (0.6.4)
  rake (>= 12.0.0, < 14.0.0)
  em-http-request (1.1.7)
@@ -217,7 +217,7 @@ GEM
  http_parser.rb (>= 0.6.0)
  em-socksify (0.3.2)
  eventmachine (>= 1.0.0.beta.4)
- erubi (1.11.0)
+ erubi (1.12.0)
  et-orbi (1.2.6)
  tzinfo
  event_emitter (0.2.6)
@@ -326,11 +326,14 @@ GEM
  listen (3.7.0)
  rb-fsevent (~> 0.10, >= 0.10.3)
  rb-inotify (~> 0.9, >= 0.9.10)
- loofah (2.18.0)
+ loofah (2.19.1)
  crass (~> 1.0.2)
  nokogiri (>= 1.5.9)
- mail (2.7.1)
+ mail (2.8.0.1)
  mini_mime (>= 0.1.1)
+ net-imap
+ net-pop
+ net-smtp
  marcel (1.0.2)
  matrix (0.4.2)
  memoist (0.16.2)
@@ -357,24 +360,23 @@ GEM
  ruby2_keywords (~> 0.0.1)
  net-http-persistent (4.0.1)
  connection_pool (~> 2.2)
- net-imap (0.2.3)
- digest
+ net-imap (0.3.4)
+ date
  net-protocol
- strscan
- net-pop (0.1.1)
- digest
+ net-pop (0.1.2)
  net-protocol
+ net-protocol (0.2.1)
  timeout
- net-protocol (0.1.3)
- timeout
- net-smtp (0.3.1)
- digest
+ net-smtp (0.3.3)
  net-protocol
- timeout
  nio4r (2.5.8)
  nokogiri (1.13.0)
  mini_portile2 (~> 2.7.0)
  racc (~> 1.4)
+ nokogiri (1.13.0-x86_64-darwin)
+ racc (~> 1.4)
+ nokogiri (1.13.0-x86_64-linux)
+ racc (~> 1.4)
  os (1.1.4)
  parallel (1.21.0)
  parser (3.1.0.0)
@@ -403,8 +405,8 @@ GEM
  rails-dom-testing (2.0.3)
  activesupport (>= 4.2.0)
  nokogiri (>= 1.6)
- rails-html-sanitizer (1.4.3)
- loofah (~> 2.3)
+ rails-html-sanitizer (1.4.4)
+ loofah (~> 2.19, >= 2.19.1)
  rainbow (3.0.0)
  rake (13.0.6)
  rb-fsevent (0.11.0)
@@ -512,11 +514,14 @@ GEM
  stackprof (0.2.17)
  stimulus-rails (1.0.2)
  railties (>= 6.0.0)
- strscan (3.0.4)
  sucker_punch (3.0.1)
  concurrent-ruby (~> 1.0)
  tailwindcss-rails (2.0.4)
  railties (>= 6.0.0)
+ tailwindcss-rails (2.0.4-x86_64-darwin)
+ railties (>= 6.0.0)
+ tailwindcss-rails (2.0.4-x86_64-linux)
+ railties (>= 6.0.0)
  terser (1.1.8)
  execjs (>= 0.3.0, < 3)
  thin (1.8.1)
@@ -525,7 +530,7 @@ GEM
  rack (>= 1, < 3)
  thor (1.2.1)
  tilt (2.0.10)
- timeout (0.3.0)
+ timeout (0.3.1)
  trailblazer-option (0.1.2)
  turbo-rails (1.0.0)
  actionpack (>= 6.0.0)
@@ -556,7 +561,7 @@ GEM
  websocket-extensions (0.1.5)
  xpath (3.2.0)
  nokogiri (~> 1.8)
- zeitwerk (2.6.0)
+ zeitwerk (2.6.6)
 
 PLATFORMS
  ruby

RAILS_VERSION

@@ -1 +1 @@
-7.0.4
+7.0.4.1

actioncable/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * The Redis adapter is now compatible with redis-rb 5.0

actioncable/lib/action_cable/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 7
  MINOR = 0
  TINY = 4
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actioncable/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@rails/actioncable",
- "version": "7.0.4",
+ "version": "7.0.4-1",
  "description": "WebSocket framework for Ruby on Rails.",
  "module": "app/assets/javascripts/actioncable.esm.js",
  "main": "app/assets/javascripts/actioncable.js",

actionmailbox/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * No changes.

actionmailbox/lib/action_mailbox/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 7
  MINOR = 0
  TINY = 4
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actionmailer/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * No changes.

actionmailer/lib/action_mailer/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 7
  MINOR = 0
  TINY = 4
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actionpack/CHANGELOG.md

@@ -1,3 +1,21 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* Fix sec issue with _url_host_allowed?
+
+ Disallow certain strings from `_url_host_allowed?` to avoid a redirect
+ to malicious sites.
+
+ [CVE-2023-22797]
+
+* Avoid regex backtracking on If-None-Match header
+
+ [CVE-2023-22795]
+
+* Use string#split instead of regex for domain parts
+
+ [CVE-2023-22792]
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * Prevent `ActionDispatch::ServerTiming` from overwriting existing values in `Server-Timing`.

actionpack/lib/action_pack/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 7
  MINOR = 0
  TINY = 4
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actiontext/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * No changes.

actiontext/lib/action_text/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 7
  MINOR = 0
  TINY = 4
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actiontext/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@rails/actiontext",
- "version": "7.0.4",
+ "version": "7.0.4-1",
  "description": "Edit and display rich text in Rails applications",
  "main": "app/assets/javascripts/actiontext.js",
  "type": "module",

actionview/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 * Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil