Skip to content

v5.4.0.rc2

Pre-release
Pre-release
Compare
Choose a tag to compare
@nbulaj nbulaj released this 02 May 13:28
· 17 commits to master since this release
v5.4.0.rc2
b9adf37
This commit was signed with the committer’s verified signature.
nbulaj Nikita Bulai
GPG key ID: 0FA6B29441C25112
Learn about vigilant mode.

  • [#1371] Add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

    [IMPORTANT] you need to re-implement #as_json method for Doorkeeper Application model
    if you previously used #to_json serialization with custom options or attributes or rely on
    JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
    is a breaking change which restricts serialized attributes to a very small set of columns.

  • [#1395] Fix NameError: uninitialized constant Doorkeeper::AccessToken for Rake tasks.

  • [#1397] Add as: :doorkeeper_application on Doorkeeper application form in order to support
    custom configured application model.

  • [#1400] Correctly yield the application instance to allow_grant_flow_for_client? config
    option (fixes #1398).

  • [#1402] Handle trying authorization with client credentials.

Assets 2
Loading