Consul v1.0.3

Version Release Notes from September 24, 2019 (over 5 years ago)

« Changelog History

Consul v1.0.3 Release Notes

Release Date: 2019-09-24 // over 5 years ago

🔒 Security fix

🚀 This releases fix a security issue where in a controller with multiple power directives, the :only and :except options of the last directive was applied to all directives.

Affected code looks like this:
```
class UsersController < ApplicationController
  power :foo
  power :bar, only: :index

  ...
end
```
In this example both the powers :foo and :bar were only checked for the #index action. Other actions were left unprotected by powers checks.

Controllers with a single power directive are unaffected. Contollers where neither power uses :only or :except options are unaffected.

This vulnerability has been assigned the CVE identifier CVE-2019-16377.

Compatible changes
- 👀 The RSpec matcher check_power now also sees powers inherited by a parent controller.

Awesome Ruby is part of the LibHunt network. Terms. Privacy Policy.