    Eliminate instance level writers for class accessors · e3ceb28e
    Aaron Patterson authored
    Instance level writers can have an impact on how the Active Model /
    Record objects are saved.  Specifically, they can be used to bypass
    validations.  This is a problem if mass assignment protection is
    disabled and specific attributes are passed to the constructor.
    
    Conflicts:
    	activerecord/lib/active_record/scoping/default.rb
    	activesupport/lib/active_support/callbacks.rb
    
    CVE-2016-0753
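
The bypass this commit message describes, as an added example that is not part of the commit or of Rails: a constructed toy model in plain Ruby where a class-level validator list also has an instance-level writer, next to the same model without that writer. `ToyModel`, `class_setting`, `LegacyUser`, `PatchedUser` and `demo` are hypothetical names.

```ruby
# Constructed stand-in for a class-level accessor plus validations; not Rails code.
module ToyModel
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Class-level accessor. instance_writer: true also defines "name=" on instances.
    def class_setting(name, instance_writer:)
      singleton_class.send(:attr_accessor, name)
      ivar = "@#{name}"
      # Instance reader: a per-instance override wins over the class value.
      define_method(name) do
        instance_variable_defined?(ivar) ? instance_variable_get(ivar) : self.class.public_send(name)
      end
      attr_writer name if instance_writer
    end
  end

  # Constructor assigns every key through a public writer,
  # i.e. mass assignment protection is disabled.
  def initialize(attrs = {})
    attrs.each { |key, value| public_send("#{key}=", value) }
  end

  def valid?
    validators.all? { |check| check.call(self) }
  end
end

class LegacyUser # instance writer present
  include ToyModel
  attr_accessor :email
  class_setting :validators, instance_writer: true
  self.validators = [->(u) { u.email.to_s.include?("@") }]
end

class PatchedUser # instance writer removed
  include ToyModel
  attr_accessor :email
  class_setting :validators, instance_writer: false
  self.validators = [->(u) { u.email.to_s.include?("@") }]
end

# Returns valid? for the built object, or :rejected if a key has no public writer.
def demo(klass, attrs)
  klass.new(attrs).valid?
rescue NoMethodError
  :rejected
end
```

With the instance writer present, a `validators` key in the constructor hash replaces the validator list for that one object, so an invalid `email` passes `valid?`; without the writer the same hash is rejected before validation runs.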