
Teach Hash#slice to only include keys that exist in original #289

Merged

Conversation

lmarlow
Contributor

@lmarlow lmarlow commented Sep 26, 2014

Previously this would blow up if you asked for a key that wasn't in the
original hash. This is consistent with Rails' version of Hash#slice.

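The two behaviours the description contrasts, as an added example that is not the gem's own source: `slice_raising` reconstructs (as an assumption about the pre-fix code) a slice built on `Hash#fetch`, which raises `KeyError` for any requested key the receiver lacks, while `slice_existing` copies only keys that exist, matching Rails' `Hash#slice`. The `OPTIONS` hash and the `try_slice` helper are constructed for the demonstration.

```ruby
# Pre-fix behaviour (assumed reconstruction, not the gem's exact code):
# Hash#fetch raises KeyError for any key that is not present, so a single
# unexpected key aborts the whole call instead of being ignored.
def slice_raising(hash, *keep_keys)
  result = {}
  keep_keys.each { |key| result[key] = hash.fetch(key) }
  result
end

# Post-fix behaviour: only keys that exist in the original hash are copied,
# which is what Rails' Hash#slice (and Ruby >= 2.5's native Hash#slice) does.
def slice_existing(hash, *keep_keys)
  result = {}
  keep_keys.each { |key| result[key] = hash.fetch(key) if hash.key?(key) }
  result
end

# Helper that reports whether a slice implementation survives a set of
# requested keys. Returns [:ok, value] or [:error, exception_class_name].
def try_slice(hash, *keep_keys)
  [:ok, yield(hash, *keep_keys)]
rescue KeyError => e
  [:error, e.class.name]
end

# Constructed sample: a small options hash; :locale is deliberately absent.
OPTIONS = { scope: :errors, default: 'missing', count: 2 }.freeze

if __FILE__ == $PROGRAM_NAME
  # All requested keys present: both implementations agree.
  p try_slice(OPTIONS, :scope, :count) { |h, *k| slice_raising(h, *k) }
  # One missing key: the fetch-based version raises, the fixed one skips it.
  p try_slice(OPTIONS, :scope, :locale) { |h, *k| slice_raising(h, *k) }
  p try_slice(OPTIONS, :scope, :locale) { |h, *k| slice_existing(h, *k) }
  # Ruby's native Hash#slice shows the same skip-missing semantics.
  p OPTIONS.slice(:scope, :locale) if OPTIONS.respond_to?(:slice)
end
```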
carlosantoniodasilva added a commit that referenced this pull request Jan 10, 2015
Teach Hash#slice to only include keys that exist in original
@carlosantoniodasilva carlosantoniodasilva merged commit 9c8b240 into ruby-i18n:master Jan 10, 2015
@carlosantoniodasilva
Member

Thanks.

@reedloden

Is a new version of the gem going to be released with this fix?

@VanessaHenderson

@carlosantoniodasilva When will this fix be pushed to RubyGems?

@BookOfGreg

@svenfuchs rubysec/ruby-advisory-db#182
rubysec/ruby-advisory-db is alerting this gem on this PR.
Has this been deployed already?

@BookOfGreg

BookOfGreg commented Nov 6, 2018

Also summoning @radar as the last person to release.
Edit:
Sorry for the unnecessary summons, looks like a fix inbound rubysec/ruby-advisory-db@25eb466

cchawn added a commit to wealthsimple/middleman that referenced this pull request Nov 6, 2018
### Why
The previous version of i18n has a critical vulnerability that has been addressed in a subsequent release.

```
Name: i18n
Version: 0.7.0
Advisory: CVE-2014-10077
Criticality: Unknown
URL: ruby-i18n/i18n#289
Title: i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Solution: upgrade to >= 0.8.0
```

### What
This PR updates i18n to 0.8.0 to address this security vulnerability.
@carnil

carnil commented Nov 6, 2018

CVE-2014-10077 was assigned for this issue.

@radar
Collaborator

radar commented Nov 6, 2018

Looks to be all fixed! Wonderful :)

@ghiculescu
Contributor

Not sure where to report this, but bumping to 0.8 means that Rails 4 users won't be able to get this update, because activesupport is pinned to 0.7: https://github.com/rails/rails/blob/v4.2.10/activesupport/activesupport.gemspec#L23

@MrBerg

MrBerg commented Nov 7, 2018

@ghiculescu, ...no? i18n ~> 0.7 is the same as i18n >= 0.7, < 1 (unless .gemspec files use ~> differently from Gemfiles) so 0.8 totally works for Rails 4.

@ghiculescu
Contributor

yeah wow i am totally wrong, sorry, ignore me.

EduardoGHdez added a commit to EduardoGHdez/faker that referenced this pull request Aug 9, 2019
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This addresses CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289
vbrazo pushed a commit to faker-ruby/faker that referenced this pull request Aug 10, 2019
* Upgrade i18n

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash
Handling DoS

This addresses CVE-2014-10077

For more information:
  * ruby-i18n/i18n#289

* Update faker.gemspec
michebble pushed a commit to michebble/faker that referenced this pull request Feb 16, 2020
davidmorton0 pushed a commit to davidmorton0/faker that referenced this pull request Jul 12, 2021