Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Teach Hash#slice to only include keys that exist in original #289

Merged
merged 1 commit into from
Jan 10, 2015
Merged

Teach Hash#slice to only include keys that exist in original #289

merged 1 commit into from
Jan 10, 2015

Conversation

lmarlow
Copy link
Contributor

@lmarlow lmarlow commented Sep 26, 2014

Previously this would blow up if you asked for a key that wasn't in the
original hash. This is consistent with Rails' version of Hash#slice.

@lmarlow
Teach Hash#slice to only include keys that exist in original
24e71a9 
Previously this would blow up if you asked for a key that wasn't in the
original hash. This is consistent with Rails' version of Hash#slice.
carlosantoniodasilva added a commit that referenced this pull request Jan 10, 2015
@carlosantoniodasilva
Merge pull request #289 from lmarlow/slice_non_existent_keys
9c8b240 
Teach Hash#slice to only include keys that exist in original
@carlosantoniodasilva carlosantoniodasilva merged commit 9c8b240 into ruby-i18n:master Jan 10, 2015
@carlosantoniodasilva
Copy link
Member

Thanks.

carlosantoniodasilva added a commit that referenced this pull request Jan 10, 2015
@carlosantoniodasilva
Update changelog with #289 [ci skip]
a69c73d
@carlosantoniodasilva carlosantoniodasilva mentioned this pull request Jan 10, 2015
Closed
@codegoalie codegoalie mentioned this pull request Jun 5, 2015
Closed
@reedloden
Copy link

Is a new version of the gem going to be released with this fix?

This was referenced Jul 20, 2015
Merged
Merged
@VanessaHenderson
Copy link

@carlosantoniodasilva When will this fix be pushed to RubyGems?

@BookOfGreg
Copy link

@svenfuchs rubysec/ruby-advisory-db#182
rubysec/ruby-advisory-db is alerting this gem on this PR.
Has this been deployed already?

@BookOfGreg
Copy link

BookOfGreg commented Nov 6, 2018
edited
Loading

Also summoning @radar as the last person to release.
Edit:
Sorry for the unneccessary summons, looks like a fix inbound rubysec/ruby-advisory-db@25eb466

cchawn added a commit to wealthsimple/middleman that referenced this pull request Nov 6, 2018
@cchawn
Bump i18n version to 0.8.0 from 0.7.0
3711132 
### Why
The previous version of i18n has a critical vulnerability that has been addressed in a subsequent release.

```
Name: i18n
Version: 0.7.0
Advisory: CVE-2014-10077
Criticality: Unknown
URL: ruby-i18n/i18n#289
Title: i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Solution: upgrade to >= 0.8.0
```

### What
This PR updates i18n to 0.8.0 to address this security vulnerability.
@carnil
Copy link

carnil commented Nov 6, 2018

CVE-2014-10077 was assigned for this issue.

@radar
Copy link
Collaborator

radar commented Nov 6, 2018

Looks to be all fixed! Wonderful :)

@ghiculescu
Copy link
Contributor

Not sure where to report this, but bumping to 0.8 means that Rails 4 users won't be able to get this update, because activesupport is pinned to 0.7: https://github.com/rails/rails/blob/v4.2.10/activesupport/activesupport.gemspec#L23

@MrBerg
Copy link

MrBerg commented Nov 7, 2018

@ghiculescu, ...no? i18n ~> 0.7 is the same as i18n >= 0.7, < 1 (unless .gemspec files use ~> differently from Gemfiles) so 0.8 totally works for Rails 4.

@ghiculescu
Copy link
Contributor

yeah wow i am totally wrong, sorry, ignore me.

@scottbarrow scottbarrow mentioned this pull request Jan 28, 2019
Closed
EduardoGHdez added a commit to EduardoGHdez/faker that referenced this pull request Aug 9, 2019
@EduardoGHdez
Upgrade i18n
2d4fedf 
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This address CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289
@EduardoGHdez EduardoGHdez mentioned this pull request Aug 9, 2019
Merged
vbrazo pushed a commit to faker-ruby/faker that referenced this pull request Aug 10, 2019
@EduardoGHdez @vbrazo
Upgrade i18n (#1685)
9b55805 
* Upgrade i18n

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This address CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289

* Update faker.gemspec
michebble pushed a commit to michebble/faker that referenced this pull request Feb 16, 2020
@EduardoGHdez @michebble
Upgrade i18n (faker-ruby#1685)
aa802a1 
* Upgrade i18n

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This address CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289

* Update faker.gemspec
davidmorton0 pushed a commit to davidmorton0/faker that referenced this pull request Jul 12, 2021
@EduardoGHdez @vbrazo
Upgrade i18n (faker-ruby#1685)
b121213 
* Upgrade i18n

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This address CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289

* Update faker.gemspec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@lmarlow @carlosantoniodasilva @reedloden @VanessaHenderson @BookOfGreg @carnil @radar @ghiculescu @MrBerg