[SECURITY] Upgrade Mojolicious to 8.42
Categories (bugzilla.mozilla.org :: General, defect)
People (Reporter: glob, Assigned: dkl)
Attachments (1 file): 13.74 KB patch, glob: review+
https://github.com/mojolicious/mojo/compare/9353f520d205...3c1c99a7131a
8.42 2020-05-04
- This release contains fixes for security issues, everybody should upgrade!
- Added EXPERIMENTAL support for :any-link pseudo-class to Mojo::DOM::CSS.
- Added EXPERIMENTAL support for case-sensitive attribute selectors like [foo="bar" s] to Mojo::DOM::CSS
- Renamed experimental :matches pseudo-class to :is in Mojo::DOM::CSS.
- Fixed a security issue that allowed for _method query parameters to be used with GET requests.
- Fixed a bug in Mojo::DOM::CSS where the case-sensitivity identifier was case-sensitive.
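A regression check for the `_method` fix listed in the changelog above, as an added example that is not part of the attached patch or of Bugzilla's test suite. The `/widget` route and its response text are made up for illustration, and the check assumes the override stays available for POST requests, as Mojolicious documents.

```perl
#!/usr/bin/env perl
# Added example: checks that the installed Mojolicious no longer lets a GET
# request reach a non-GET route through the _method query parameter.
use strict;
use warnings;

use Mojolicious::Lite;
use Test::More;
use Test::Mojo;

# Hypothetical state-changing route that must only be reachable via DELETE
del '/widget' => sub {
  my $c = shift;
  $c->render(text => 'deleted');
};

my $t = Test::Mojo->new;
diag "Testing against Mojolicious $Mojolicious::VERSION";

# A genuine DELETE request reaches the route
$t->delete_ok('/widget')->status_is(200)->content_is('deleted');

# POST with an override is still honoured (HTML forms cannot send DELETE)
$t->post_ok('/widget?_method=DELETE')->status_is(200)->content_is('deleted');

# GET with an override must not match the DELETE route. With the fix there
# is no GET route for /widget, so the router answers 404. A 200 here means
# the installed version still accepts the override on GET.
$t->get_ok('/widget?_method=DELETE')->status_is(404);

# HEAD is routed like GET, so the same expectation applies
$t->head_ok('/widget?_method=DELETE')->status_is(404);

done_testing;
```

Run it with `prove` or `perl` against the Mojolicious version the application actually loads.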
Comment 3 • 5 years ago (Assignee)
(In reply to Byron Jones ‹:glob› 🎈 from comment #2)
Comment on attachment 9145953
1635332_1.patch

Review of attachment 9145953:
::: Bugzilla/App/Plugin/OAuth2.pm
@@ +82,5 @@my ($c, $client_id, $scopes_ref)
= @args{qw/ mojo_controller client_id scopes /};
- $c->bugzilla->login(LOGIN_REQUIRED) || return undef;
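Review bot: the login(LOGIN_REQUIRED) line in Bugzilla/App/Plugin/OAuth2.pm has no comment saying why this callback has to force a login, and nothing in the hunk ties it to the Mojolicious upgrade. A short comment above the line naming the later step that depends on the user being logged in would let a reader see why it belongs in this patch.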
This appears to be unrelated to the Mojo update.
Updating to Mojo 8.42 caused a failure in t/mojo-oauth2.t with a foreign key exception when calling issue_session_token() in Token.pm. It was happening during the confirm_oauth_scopes stage of the workflow. issue_session_token() was trying to insert a userid of 0, which meant the user was logged out instead of being logged in during that stage. Adding a call to ->login fixed the issue and allowed the test to pass.
Comment 5 • 5 years ago (Assignee)
Merged to master.