Changeset: Changeset [1f07a89c5946910fc28ea5ccd1da6af8a0f972a0] by Coda Hale - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

List changesets

This project is archived and is in readonly mode.

Changeset [1f07a89c5946910fc28ea5ccd1da6af8a0f972a0] by Coda Hale

September 3rd, 2009 @ 10:26 PM

Fix timing attack vulnerability in ActiveSupport::MessageVerifier.

Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.

Signed-off-by: Michael Koziarski michael@koziarski.com
http://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6a...

Committed by Coda Hale

M activesupport/lib/active_support/message_verifier.rb

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

Rails Ruby on Rails

Keyword searching

Changeset [1f07a89c5946910fc28ea5ccd1da6af8a0f972a0] by Coda Hale

Create your profile

Shared Ticket Bins (Sort)