Headline
CVE-2022-35956: Release v0.1.3-stable · camilova/activerecord-update-by-case
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 update_by_case
gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses Arel
instead to construct the resulting sql statement, with sanitized sql.
Compare
Choose a tag to compare
Latest
Latest
camilova released this
· 2 commits to master since this release
v0.1.3-stable
31c44b7
Compare
Choose a tag to compare
This releases uses Arel instead custom strings to make resulting SQL statement, making code more secure against SQL Injection.
Related news
Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses `Arel` instead to construct the resulting sql statement, with sanitized sql.