Consul v1.1.0 Release Notes

Release Date: 2021-09-28 // over 2 years ago
  • ๐Ÿ’ฅ Breaking changes

    • โœ‚ remove no longer supported ruby versions (2.3.8, 2.4.5)
    • ๐Ÿš… Consul no longer depends on the whole rails framework

    Compatible changes

    • โž• add Ruby 3 compatibility

Previous changes from v1.0.3

  • ๐Ÿ”’ Security fix

    ๐Ÿš€ This releases fix a security issue where in a controller with multiple power directives, the :only and :except options of the last directive was applied to all directives.

    Affected code looks like this:

    class UsersController < ApplicationController
      power :foo
      power :bar, only: :index

    In this example both the powers :foo and :bar were only checked for the #index action. Other actions were left unprotected by powers checks.

    Controllers with a single power directive are unaffected. Contollers where neither power uses :only or :except options are unaffected.

    This vulnerability has been assigned the CVE identifier CVE-2019-16377.

    Compatible changes

    • ๐Ÿ‘€ The RSpec matcher check_power now also sees powers inherited by a parent controller.