Skip to content

6.1.6
Compare
Choose a tag to compare
@rafaelfranca rafaelfranca released this 12 May 20:12
· 13636 commits to main since this release
v6.1.6
This tag was signed with the committer’s verified signature.
eileencodes Eileen M. Uchitelle
GPG key ID: BA5C575120BBE8DF
Learn about vigilant mode.
147557d
This commit was signed with the committer’s verified signature.
eileencodes Eileen M. Uchitelle
GPG key ID: BA5C575120BBE8DF
Learn about vigilant mode.

Active Support

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters
    in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Escape dangerous characters in names of tags and names of attributes in the
    tag helpers, following the XML specification. Rename the option
    :escape_attributes to :escape, to simplify by applying the option to the
    whole tag.

    Álvaro Martín Fraguas

Action Pack

  • Allow Content Security Policy DSL to generate for API responses.

    Tim Wade

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.
Assets 2