Diffstat (limited to 'lib/actionmailer_patches.rb')
| -rw-r--r-- | lib/actionmailer_patches.rb | 15 | 
1 files changed, 15 insertions, 0 deletions
|
diff --git a/lib/actionmailer_patches.rb b/lib/actionmailer_patches.rb
new file mode 100644
index 000000000..600d3c8cc
--- /dev/null
+++ b/lib/actionmailer_patches.rb
@@ -0,0 +1,15 @@
+# Monkey patch for CVE-2013-4389
+# derived from http://seclists.org/oss-sec/2013/q4/118 to fix
+# a possible DoS vulnerability in the log subscriber component of
+# Action Mailer.
+
+require 'action_mailer'
+module ActionMailer
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def deliver(event)
+      recipients = Array.wrap(event.payload[:to]).join(', ')
+      info("\nSent mail to #{recipients} (#{event.duration.round(1)}ms)")
+      debug(event.payload[:mail])
+    end
+  end
+end
|
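Review bot: The `deliver` override only holds if the stock `ActionMailer::LogSubscriber` is already loaded when this file runs, and `require 'action_mailer'` alone may not guarantee that. If the framework's own subscriber file is loaded later (I believe `ActionMailer::Base` requires it, but that is not visible here), it would redefine `deliver` and silently restore the vulnerable version. Adding `require 'action_mailer/log_subscriber'` before `module ActionMailer` would make the load order deterministic. The file also carries no removal note or version guard, so it will keep shadowing upstream after an upgrade; consider a header line such as `# Remove once Rails is upgraded to a release that includes the fix for CVE-2013-4389`.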
