**UPDATES:**

* Ruby updated to 2.3.4
* Rails updated to 4.2.8
* ActiveAdmin updated to 1.0.0 stable
* And other stable updates

---

Security updates for Rails includes previously mentioned:

* CVE-2016-6317 5/10 Threat

  Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

* CVE-2016-6316 4.3/10 Threat

  Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

---

Server was complaining about `backbone-min.map` and `underscore-min.map` missing so I added those in.

ActiveAdmin pages when first gone to from regular site would falsely include the application template. A javascript fix was implemented for this.

ActiveAdmin logout would previously exit to the admin login page. This has been fixed.

Navbar had a dropdown menu with no useful links. This has been removed.

A few links were painfully huge at header 1 size. I've reduced those to header 3 size.

If you find these changes acceptable I would really appreciate having them merged in.

@h-m-m Should I ask someone else to review?

I'd feel best if someone on the project looked since I don't have much context. That said, I don't see anything glaring there. Pretty straightforward changes that don't involve any business logic of sorts. 👍 Thanks for putting in the work!

This is similar to PR #79.
UPDATES:
Security updates for Rails includes previously mentioned:
CVE-2016-6317 5/10 Threat
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does
not properly consider differences in parameter handling
between the Active Record component and the JSON
implementation, which allows remote attackers to bypass
intended database-query restrictions and perform NULL
checks or trigger missing WHERE clauses via a crafted
request, as demonstrated by certain "[nil]" values, a
related issue to CVE-2012-2660, CVE-2012-2694, and
CVE-2013-0155.
CVE-2016-6316 4.3/10 Threat
Cross-site scripting (XSS) vulnerability in Action View
in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1,
and 5.x before 5.0.0.1 might allow remote attackers to
inject arbitrary web script or HTML via text declared as
"HTML safe" and used as attribute values in tag handlers.
Server was complaining about `backbone-min.map` and
`underscore-min.map` missing so I added those in.
ActiveAdmin pages when first visited from the main site
would falsely include the application template. A
Javascript fix was implemented for this.
ActiveAdmin logout would previously exit to the admin
login page. This has been fixed.
Navbar had a drop down menu with no useful links. This
has been removed.
A few links were painfully huge at header 1 size. I've
reduced those to header 3 size.
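
Added example, not part of the pull request or the project's code: a Ruby check that reads the resolved `rails` version from a `Gemfile.lock` and reports which of the two CVEs quoted above still apply, using only the version ranges given in those descriptions. The helper names and the sample lockfile are constructed for illustration, and the check assumes the app depends on the `rails` gem itself, which pins its components to its own version.

```ruby
require "rubygems" # provides Gem::Version

# Affected series => first fixed release, from the CVE text quoted above.
ADVISORIES = {
  "CVE-2016-6317" => { "4.2" => "4.2.7.1" },
  "CVE-2016-6316" => { "3" => "3.2.22.3", "4" => "4.2.7.1", "5" => "5.0.0.1" }
}.freeze

# Return the locked version of a gem from Gemfile.lock text, or nil.
# Resolved specs are the lines indented by exactly four spaces; their
# dependency lines (six spaces) and the DEPENDENCIES section (two) are skipped.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[2]) if m && m[1] == gem_name
  end
  nil
end

# True when `version` belongs to `series` (e.g. "4.2") and predates `fixed`.
def affected?(version, series, fixed)
  prefix = series.split(".").map(&:to_i)
  version.segments.first(prefix.size) == prefix &&
    version < Gem::Version.new(fixed)
end

# CVE ids from ADVISORIES that apply to the locked rails version.
def rails_advisories(lockfile_text)
  version = locked_version(lockfile_text, "rails")
  return [] if version.nil?
  ADVISORIES.select { |_id, fixes|
    fixes.any? { |series, fixed| affected?(version, series, fixed) }
  }.keys
end

# Constructed sample lockfile fragment (not taken from the project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (4.2.5)
        actionmailer (= 4.2.5)

  DEPENDENCIES
    rails (= 4.2.5)
LOCK

puts rails_advisories(SAMPLE_LOCK).inspect if $PROGRAM_NAME == __FILE__
```

With the Rails 4.2.8 lockfile this pull request produces, the same check returns an empty list.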